Security Directory

W

WTSH GmbH

digitalhub.sh

54

DigitalHub.SH, operated by WTSH GmbH, is a government-affiliated initiative focused on promoting digital sovereignty and open source solutions within Schleswig-Holstein's public administration, non-profit, and business sectors. The website serves as a central hub for information, networking, and support services, emphasizing sustainable digital transformation and innovation. The organization positions itself as a key intermediary between the state government, municipalities, and regional digital enterprises, fostering collaboration and knowledge exchange. Technically, the website is built on the gradwerk CMS platform with standard web technologies including HTML5, CSS3, JavaScript, and jQuery. It demonstrates good mobile optimization, accessibility, and SEO practices, though some modern security enhancements like DNSSEC are not yet implemented. The site employs HTTPS and a cookie consent mechanism aligned with GDPR requirements, reflecting a mature approach to privacy compliance. From a security perspective, the site shows a solid baseline with HTTPS and domain transfer protections but lacks explicit security policies or incident response contacts. No critical vulnerabilities or suspicious patterns were detected. The WHOIS data aligns well with the business entity and domain age is appropriate for the organization's recent founding. Overall, DigitalHub.SH presents a professional, trustworthy, and well-structured digital presence supporting its mission. Strategic improvements could include enhancing DNS security, publishing formal security policies, and expanding incident response transparency to further strengthen trust and resilience.

W

WTSH GmbH

wasserstoffwirtschaft.sh

58

The website represents the Landeskoordinierungsstelle Wasserstoffwirtschaft SH, operated by WTSH GmbH, a government-affiliated entity focused on promoting and coordinating the green hydrogen economy in Schleswig-Holstein, Germany. It serves as a regional hub for supporting hydrogen projects, facilitating funding, knowledge transfer, and networking among stakeholders. The site is professionally designed, content-rich, and targeted at businesses, policymakers, and researchers involved in the hydrogen sector. Technically, it uses the gradwerk CMS platform with modern web technologies and demonstrates good mobile optimization and accessibility. Security posture is adequate with HTTPS enforced and domain management best practices observed, though DNSSEC is not enabled and security headers are not explicitly detected. Privacy compliance is strong with clear policies and cookie consent mechanisms. Contact information is complete and transparent, enhancing business credibility. Overall, the site is trustworthy, well-maintained, and aligned with its stated mission.

C

co2online

co2online.de

76

co2online is a German nonprofit organization providing independent and free energy saving advisory services focused on electricity, heating, and energy-efficient modernization. The website targets private households and individuals interested in climate protection and energy savings. It offers key services such as energy saving tips, funding information, and online energy checks. Technically, the site is built on TYPO3 CMS with modern web technologies and integrates a comprehensive accessibility tool (digi·access) supporting multiple languages, reflecting a strong commitment to inclusivity. Security posture is moderate with HTTPS usage implied but lacks explicit security headers and formal privacy or cookie policies. No contact information or incident response details are found in the provided content, which limits transparency. Overall, the site is professional, trustworthy, and well-structured but would benefit from enhanced privacy compliance and security disclosures.

I

i+m NATURKOSMETIK BERLIN

iplusm.berlin

54

i+m NATURKOSMETIK BERLIN is a small German company specializing in natural, fair, organic, and vegan cosmetics. The website serves as an e-commerce platform targeting consumers interested in ethical and natural skincare products. The business appears to be well-established with a domain age since 2014, consistent with its market presence. Technically, the website is built on WordPress, utilizing Yoast SEO for optimization and Google Tag Manager for analytics, indicating a moderate level of digital maturity. Performance and mobile optimization are adequate, though accessibility features could be improved. Security posture is basic with HTTPS enabled but lacking DNSSEC and security headers, which are recommended for enhanced protection. Privacy compliance is weak due to the absence of privacy and cookie policies or consent mechanisms. Overall, the site is professional and trustworthy but would benefit from improved security and privacy practices.

F

FORSTORY

forstory.de

44

FORSTORY is a small Munich-based film agency specializing in storytelling with a focus on sustainability. The company positions itself as a niche player in the media industry, offering film production, impact films, workshops, and social business consulting. The website is professionally designed with clear navigation and good mobile optimization, reflecting a moderate level of digital maturity. The technical infrastructure includes modern web technologies such as HTML5, CSS3, JavaScript, and integration of Vimeo for video content. Matomo analytics is used for user tracking, indicating some privacy-conscious choices. Security posture is generally good with HTTPS enforced and cookie consent implemented, but lacks explicit security headers and a privacy policy page, which are recommended for compliance and trust. No contact emails or phone numbers are explicitly provided on the site, which may affect user trust and business credibility. WHOIS data is minimal but consistent with the hosting provider, with no suspicious indicators. Overall, the website is safe, professional, and targeted at a general audience interested in sustainability storytelling.

acb.studio is a small digital design studio specializing in sustainable digital products, focusing on analysis, creation, and building of digital solutions with an emphasis on sustainability. The website presents a professional and modern design with clear messaging targeting businesses interested in sustainable digital product design. The technical infrastructure includes modern web fonts, SVG animations, and cloud-hosted images, indicating a contemporary digital maturity level. Security posture is moderate with HTTPS likely enabled but lacking visible security headers and explicit privacy or cookie policies. No contact information or incident response details are provided, which could impact trust and compliance. Overall, the website is functional and professional but would benefit from enhanced security and privacy disclosures.

B

Bertelsmann Stiftung

bertelsmann-stiftung.de

50

Bertelsmann Stiftung is a well-established non-profit foundation based in Germany, focusing on societal change through projects, studies, and events. The website reflects a mature digital presence with a professional design, clear navigation, and comprehensive content aimed at a broad audience including policymakers, researchers, and the general public. Technically, the site is built on TYPO3 CMS with modern web technologies and demonstrates good mobile optimization and accessibility. Security posture is solid with HTTPS enforced and basic security headers, though explicit security policies and incident response information are not publicly disclosed. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Overall, the site is trustworthy and professionally managed, with no signs of malicious activity or vulnerabilities.

G

Gut Klostermühle

gut-klostermuehle.com

49

Gut Klostermuehle is a boutique hospitality and wellness provider located in Brandenburg, Germany, offering unique accommodation, spa, culinary, and event services in a natural lakeside setting. The website is professionally designed using TYPO3 CMS and integrates modern tracking and marketing tools such as Google Tag Manager and Facebook Pixel. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Security posture is generally good with HTTPS enforced, but lacks some recommended security headers and incident response information. The domain WHOIS data is unavailable, which slightly impacts trust but the website content and business information appear consistent and professional. Overall, the site presents a trustworthy and user-friendly digital presence for its hospitality business.

SEENcard.de is a regional print media business focused on distributing compact flyers for the Mecklenburgische Seenplatte tourism region. Their business model centers on placing SEENcardBOX units at well-frequented tourist and commercial locations to provide targeted advertising and information to tourists and residents. The website is primarily in German and targets local businesses and visitors. Technically, the site uses legacy JavaScript libraries such as jQuery 1.3.2 and Cufon for font replacement, indicating some technical debt. Google Analytics is implemented with IP anonymization, and a cookie consent banner is present, showing basic privacy compliance. However, no advanced security headers or modern frameworks are detected, and the site lacks visible contact emails or phone numbers, relying on a contact form instead. The WHOIS data is limited but consistent with a small business using commercial hosting. Overall, the site is functional and professionally presented but would benefit from modernization and enhanced security measures.

C

Colruyt

collectandgo.be

69

Colruyt's Collect&Go website is a well-established online grocery shopping platform serving Belgian consumers. It offers convenient services such as product reservation, collection at over 220 points, and home delivery. The site reflects a strong market position as part of the Colruyt Group, a major retail player in Belgium. The business model focuses on e-commerce retail with a clear target audience of Belgian shoppers seeking efficient grocery solutions. Technically, the website employs modern JavaScript frameworks like Vue.js and jQuery, integrates Font Awesome for icons, and uses Tealium for analytics and marketing. The site is mobile-optimized and includes accessibility features, though these could be enhanced further. Security posture is solid with HTTPS enforced, security headers present, and no visible vulnerabilities. Privacy compliance is evident with comprehensive privacy and cookie policies and consent mechanisms. WHOIS data is privacy protected, which is typical for commercial retail sites, and no suspicious patterns were detected. Overall, the website is professional, trustworthy, and aligns well with business credibility standards.

Y

Yuga Labs

yuga.com

60

Yuga Labs is a prominent technology company specializing in the creation and development of NFT projects and web3 community experiences, notably known for the Bored Ape Yacht Club and related initiatives. The company positions itself as a leader in the web3 space, focusing on storytelling, community engagement, and digital art innovation. The website reflects a modern and professional digital presence with consistent branding and targeted messaging towards NFT enthusiasts and the broader web3 community. Technically, the website employs modern JavaScript frameworks such as Nuxt.js, utilizes Prismic CMS for content management, and leverages Cloudflare for DNS and likely CDN services. Analytics are implemented via Plausible and Google Tag Manager, indicating a moderate level of digital maturity. The site is mobile-optimized and demonstrates good SEO practices, although accessibility features are basic. From a security perspective, the site enforces HTTPS and uses domain status flags to protect against unauthorized domain changes. However, DNSSEC is not enabled, and no security headers were detected in the provided data, which could be improved. The absence of privacy and cookie policies, as well as contact information, represents compliance and transparency gaps. No forms or direct data collection mechanisms were found, reducing immediate risk exposure. Overall, the website is trustworthy and professionally maintained but would benefit from enhanced privacy compliance, security header implementation, and clearer contact channels to improve user trust and regulatory adherence.

M

MANDARIN

mandarin-medien.de

58

MANDARIN is a German-based one-stop agency specializing in marketing, digital transformation, IT services, and employer branding. The company positions itself as a holistic partner for change and transformation, targeting businesses seeking to improve their digital presence and internal processes. The website showcases a professional design with rich multimedia content, including videos and client references, indicating a mature digital infrastructure. Technically, the site is built on modern frameworks such as Next.js and React, optimized for performance and mobile responsiveness. Security posture is strong with HTTPS, security headers, and GDPR-compliant cookie consent mechanisms integrated with Google Consent Mode. However, no explicit security policy or incident response information is published, which could be improved. The WHOIS data is privacy protected, common for agencies, and does not raise immediate concerns. Overall, the site reflects a credible and professional digital agency with a solid market presence.

D

DashBO your User-Generated Content (UGC) platform

dashbo.xyz

57

DashBO is a small technology platform launched in 2023 that offers a dashboard for user-generated content focused on NFT services, 3D modeling, animation, and AI-generated chatbots. The website presents a niche offering targeting creators and users interested in digital and NFT-related creative services. The platform uses modern frontend technologies such as React and hosts static assets on Google Cloud Storage, indicating a contemporary technical infrastructure with moderate performance and mobile optimization. However, the site lacks comprehensive SEO and accessibility features. From a security perspective, the website uses HTTPS (implied by the URL) but lacks visible security headers and does not provide privacy, cookie, or terms of service policies, which are critical for compliance and user trust. No contact or incident response information is available, limiting transparency and user support. The domain registration is consistent with the business claims, being recently created in 2023 and registered with Go Daddy, LLC, with standard domain status protections in place. Overall, the website is functional but basic in content quality and security posture. It does not exhibit any adult or questionable content and targets a general audience interested in digital creative services. The lack of privacy and contact information, as well as missing security best practices, reduces the overall trustworthiness and compliance level. Strategic recommendations include implementing privacy and cookie policies with consent mechanisms, adding contact and incident response information, enabling DNSSEC, and improving security headers and SEO features to enhance trust, compliance, and security posture.

F

Finanzamt Neubrandenburg (RiA)

finanzamt-rente-im-ausland.de

51

The website www.finanzamt-rente-im-ausland.de is the official online presence of the Finanzamt Neubrandenburg (RiA), the central German tax office responsible for pensioners living abroad. It provides comprehensive information on the taxation of German pensions for residents outside Germany, including legal frameworks, payment options, and contact details. The site targets retirees receiving German pensions abroad and offers multilingual support to accommodate diverse users. The business model is public sector service provision under the Finanzministerium des Landes Mecklenburg-Vorpommern, positioning it as a unique and essential government entity in this niche. Technically, the website employs standard web technologies including HTML5, CSS, and JavaScript, with a moderate performance profile and basic mobile optimization. SEO practices are good with proper meta tags and structured navigation. However, no advanced frameworks or CMS are detected, and hosting details remain unknown. Security posture is adequate with HTTPS usage implied, but lacks explicit security headers and formal security or incident response policies. Privacy compliance is strong with a clear and comprehensive privacy policy, though no cookie consent mechanism is present. Security-wise, the site shows no signs of vulnerabilities or exposed sensitive data. The absence of a security.txt or vulnerability disclosure policy is a minor gap. Contact information is transparent and professional, enhancing trust. No advertising or tracking technologies are detected, supporting user privacy. Overall, the site is trustworthy, professional, and well-suited for its government service role. The overall risk is low given the official nature and content safety. Strategic recommendations include enhancing security headers, adding vulnerability disclosure information, improving mobile and accessibility features, and implementing cookie consent mechanisms to align with best privacy practices.

B

Bundeszentralamt für Steuern

bzst.de

65

The Bundeszentralamt für Steuern (Federal Central Tax Office) operates as the official German federal government agency responsible for tax administration and related services. The website serves multiple target audiences including private individuals, businesses, and government authorities, providing comprehensive tax-related information, digital services, and regulatory guidance. It holds a strong market position as the authoritative tax authority in Germany. Technically, the website is built on the Government Site Builder CMS and hosted by ITZBund, the federal IT service provider. It employs Matomo analytics hosted internally to ensure privacy compliance. The site is well-structured, mobile-optimized, and accessible, reflecting a mature digital infrastructure suitable for a government entity. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms aligned with GDPR. While explicit security headers and vulnerability disclosure pages are not detected, no critical vulnerabilities or exposed sensitive data were found. The WHOIS data aligns consistently with the official government entity, reinforcing legitimacy. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance, with minor recommendations to enhance security headers and publish incident response or vulnerability disclosure information.

F

Financial administrations of the federal states and the federal government, represented by the IT steering group

steuerchatbot.de

63

The website steuerchatbot.de is an official German government service providing a tax chatbot to assist citizens with tax-related questions. It is designed to offer general tax information without providing personalized tax advice, aiming to improve citizen service and reduce workload on tax offices. The service supports multiple languages and is accessible 24/7. The technical infrastructure uses modern web technologies including Bootstrap and JavaScript, embedding the chatbot via an iframe with backend services hosted by IBM Deutschland GmbH and translation services by DeepL GmbH. The site is well-structured, mobile-optimized, and presents comprehensive privacy and terms of use information in modals. Security practices include encrypted data transmission and limited data retention, though explicit security headers are not evident in the provided data. No cookie policy or consent mechanism was found. Contact information is clearly provided with official government addresses, emails, and phone numbers. Overall, the site demonstrates a good balance of usability, compliance, and trustworthiness appropriate for a government digital service.

O

OSZ I Technik des Landkreises Potsdam-Mittelmark

osz-teltow.de

53

OSZ I Technik des Landkreises Potsdam-Mittelmark is a regional vocational school in Germany specializing in technical education across multiple disciplines such as electrical engineering, IT, automotive mechatronics, media, sanitary and heating technology, and water construction. The institution serves students and apprentices primarily within the Potsdam-Mittelmark district, providing structured vocational training and apprenticeship programs. The website reflects a professional educational institution with clear contact information and program offerings but lacks comprehensive privacy and cookie policies, which are important for GDPR compliance. Technically, the website is built on WordPress 6.8.3, utilizing standard web technologies such as HTML5, CSS, and JavaScript. The site is moderately optimized for performance and mobile devices, with basic accessibility features. Security posture is adequate with HTTPS enabled but could be improved by implementing security headers and a vulnerability disclosure policy. No tracking or advertising scripts were detected, indicating a privacy-conscious approach, though the absence of privacy and cookie policies is a notable compliance gap. Overall, the security posture is moderate with room for improvement in privacy compliance and security best practices. The domain registration data aligns well with the website's identity, showing legitimacy and consistency. The site is safe for general audiences, with no adult or explicit content detected. Strategic recommendations include implementing privacy and cookie policies with consent mechanisms, enhancing security headers, adding a vulnerability disclosure policy, and improving accessibility compliance to strengthen trust and regulatory adherence.

I

IHK Potsdam

ihk-potsdam.de

74

IHK Potsdam operates as a regional chamber of commerce and industry serving businesses, founders, apprentices, and trainers in Brandenburg, Germany. The website provides information about services, events, and political engagement relevant to its target audience. The organization holds a solid market position as a government-related entity supporting regional economic development. Technically, the website is built on the CoreMedia CMS platform, employs modern web technologies, and integrates third-party services such as Cookiebot for cookie consent management and eTracker for analytics. The site is well-optimized for mobile and accessibility, with good SEO practices in place. Security-wise, the website enforces HTTPS, uses CSRF tokens, and implements cookie consent with granular user controls. However, it lacks explicit security headers like Content-Security-Policy and does not provide a security.txt or incident response contacts. Overall, the site demonstrates a good security posture with room for improvement in transparency and security header implementation. The domain WHOIS data is consistent with the website's professional and governmental nature, showing no privacy protection and appropriate registration status. No WAF or blocking mechanisms were detected, allowing full content access and analysis.

G

Google LLC

googleplay.com

73

Google Play Games is a digital distribution platform operated by Google LLC, serving as the official app store for Android and Windows devices. It provides users access to a wide range of games and applications, leveraging Google's extensive cloud infrastructure and technology stack. The platform is a market leader in app distribution with a comprehensive ecosystem supporting developers and users worldwide. Technically, the website employs modern web technologies including Google Tag Manager, Google Analytics, and reCAPTCHA, ensuring robust performance, security, and user experience. Security posture is strong with HTTPS enforcement, security headers, and privacy policies aligned with GDPR standards. No critical vulnerabilities or blocking mechanisms were detected, indicating a mature and secure platform. Overall, the site demonstrates high professionalism, trustworthiness, and compliance, making it a reliable service for digital content distribution.

L

Landesförderinstitut Mecklenburg-Vorpommern

lfi-mv.de

64

The Landesförderinstitut Mecklenburg-Vorpommern (LFI M-V) operates as the central funding service provider for the state of Mecklenburg-Vorpommern, Germany. It offers a variety of public funding programs targeting businesses, founders, municipalities, private individuals, and organizations. The website reflects a government-oriented institution with a clear focus on facilitating access to funding and providing comprehensive information about available programs and related statistics. The site is well-branded, consistent, and includes EU co-financing indicators, enhancing trust and legitimacy. Technically, the website employs standard web technologies such as HTML5, CSS3, JavaScript, and jQuery-based components like Owl Carousel. The site is mobile-optimized, accessible, and SEO-friendly, though no specific CMS or hosting provider details are evident. Performance is moderate, with no critical technical issues detected. From a security perspective, HTTPS is used, and a cookie consent mechanism is implemented, indicating GDPR compliance. However, explicit security headers and incident response policies are not published, and no vulnerability disclosure mechanisms are present. The site does not expose sensitive data or use vulnerable libraries based on the provided content. Overall, the security posture is adequate but could be improved with additional policies and headers. The risk assessment is low given the nature of the site as a government funding portal with no adult or questionable content. Strategic recommendations include enhancing security headers, publishing security policies, and providing clear contact information for security incidents to improve trust and compliance further.

E

Ehrenamtsstiftung Mecklenburg-Vorpommern

ehrenamtskarte-mv.de

10

The Ehrenamtskarte MV website serves as an informational platform for the Ehrenamtskarte Mecklenburg-Vorpommern, a regional government and non-profit initiative recognizing volunteer engagement. It provides detailed information about the card, application processes, benefits, and partner organizations. The site targets volunteers and community members in Mecklenburg-Vorpommern, offering a well-structured and professionally designed user experience with good mobile optimization and accessibility. Technically, the site uses standard web technologies including HTML5, CSS3, JavaScript, and integrates Google Analytics for visitor tracking with user consent. Security posture is moderate with HTTPS usage implied but lacks explicit security headers and incident response contacts. Privacy compliance is well addressed with a clear cookie consent mechanism and a linked privacy policy. Overall, the site is trustworthy and professional, supporting its mission to promote volunteerism in the region.

V

Verfassungsschutz Mecklenburg-Vorpommern

verfassungsschutz-mv.de

62

The website www.verfassungsschutz-mv.de serves as the official online presence of the Verfassungsschutz (Office for the Protection of the Constitution) of Mecklenburg-Vorpommern, Germany. It provides comprehensive information about the agency's mission to protect the democratic constitutional order against extremist threats. The site targets citizens, political stakeholders, and interested parties by offering detailed content on various extremist fields, legal frameworks, reports, and public service announcements. The business model is that of a government agency focused on transparency and public awareness. Technically, the website is built on standard web technologies including HTML5, CSS, and JavaScript, likely managed via a custom or proprietary CMS. The site is moderately performant, mobile-optimized, and accessible, with clear navigation and structured content. No advanced frameworks or third-party analytics/tracking tools were detected, indicating a privacy-conscious approach. From a security perspective, the site uses HTTPS (assumed from domain and typical government standards), implements cookie consent mechanisms, and avoids exposing sensitive data. However, no explicit security headers or incident response policies are published, and forms use GET methods without sensitive data collection. No vulnerability disclosure or security.txt files are present, which could be improved. Overall, the website is trustworthy, professional, and compliant with GDPR requirements, providing valuable public service content. The domain and hosting align with regional government infrastructure, supporting legitimacy. Recommendations include enhancing security headers, publishing security policies, and adding incident response contacts to strengthen security posture and user trust.

S

Steuerportal Mecklenburg-Vorpommern

steuerportal-mv.de

10

Steuerportal Mecklenburg-Vorpommern is an official government portal dedicated to providing tax-related information and services for the Mecklenburg-Vorpommern region in Germany. It serves citizens, businesses, and tax professionals by offering access to local tax offices, tax law guidance, service brochures, appointment scheduling, and up-to-date tax news. The portal is positioned as an authoritative regional government resource with a clear focus on public service and compliance facilitation. Technically, the website employs standard web technologies such as HTML5, CSS, and JavaScript, with a likely custom content management system tailored for government use. The site demonstrates good mobile optimization, accessibility, and SEO practices, although no major modern frameworks or platforms are explicitly detected. Performance is moderate, and the site includes a cookie consent mechanism to comply with privacy regulations. From a security perspective, the portal uses HTTPS (implied by the domain and typical government standards), but explicit security headers and incident response policies are not visible. No vulnerabilities or exposed sensitive data were detected in the HTML content. The site lacks a published security.txt or vulnerability disclosure policy, which could enhance transparency and security posture. Overall, the website is trustworthy and professional, with high content relevance and clear navigation. The absence of direct contact emails or phone numbers on the homepage is typical for government portals that centralize contact through other channels. The WHOIS data is limited but consistent with regional government hosting, supporting legitimacy. No WAF or blocking mechanisms interfere with content access, enabling full analysis. Strategic recommendations include enhancing security headers, publishing incident response and vulnerability disclosure information, and providing clearer contact channels for security issues to strengthen trust and compliance.

M

Ministerium für Wirtschaft, Infrastruktur, Tourismus und Arbeit Mecklenburg-Vorpommern

investorenportal-mv.de

10

The website www.investorenportal-mv.de serves as the official government portal for economic development and investor support in Mecklenburg-Vorpommern, Germany. It provides comprehensive information on investment opportunities, regional advantages, sector strengths, and support services including funding and workforce availability. The portal targets investors and businesses interested in establishing or expanding operations in the region, positioning itself as a trusted government resource. Technically, the site is built on the OpenCms content management system and employs standard web technologies such as HTML5, CSS, and JavaScript. It features a responsive design with good accessibility and SEO practices. The cookie consent mechanism is robust, offering granular user control and compliance with GDPR requirements. Analytics usage is minimal and privacy-conscious, relying on server log analysis and optional third-party video embed tracking. From a security perspective, the site uses HTTPS and implements cookie consent but lacks explicit security headers and a published security policy or incident response contacts. No vulnerabilities or suspicious domains were detected. The WHOIS data is limited but consistent with a legitimate government domain. Overall, the site demonstrates a solid security posture with room for improvement in formal security documentation and header implementation. The overall risk is low given the official nature and content safety of the site. Strategic recommendations include enhancing security headers, publishing a security policy, and maintaining privacy best practices to further strengthen trust and compliance.

G

GeoPortal.MV

geodaten-mv.de

64

GeoPortal.MV is the official geospatial data platform for the German state of Mecklenburg-Vorpommern, providing citizens, authorities, and businesses with access to a wide range of geodata services including thematic maps, geodata viewers, and geospatial web services. The portal is well-positioned as a government service platform with a clear focus on geoinformation infrastructure and public sector data dissemination. Technically, the website employs standard web technologies such as HTML5, CSS, JavaScript, and jQuery, with good mobile optimization and accessibility features. Security posture is solid with HTTPS enforced and secure form handling, though it lacks advanced security headers and a public security policy or incident response contacts. Privacy compliance is good, with clear privacy and cookie policies and GDPR adherence. Overall, the site is professional, trustworthy, and serves its public sector mission effectively.

N

NOTUS energy

notus.de

53

NOTUS energy is a well-established company specializing in wind and solar energy project development, financing, and management. The company operates internationally across 18 countries, offering a broad range of services from project conception to operation and asset management. Their website reflects a professional and comprehensive presentation of their business, targeting investors, project developers, municipalities, and other stakeholders in the renewable energy sector. The company positions itself as a strong partner in the transition to climate-friendly energy solutions. Technically, the website is built on Drupal CMS with modern web technologies including HTML5, CSS3, JavaScript, and mapping via Leaflet.js. The site is mobile-optimized, accessible, and SEO-friendly, with a moderate performance profile. Google Analytics is used with IP anonymization, and cookie consent mechanisms comply with GDPR requirements. From a security perspective, the site uses HTTPS and implements privacy-conscious analytics configurations. However, explicit security headers and incident response policies are not evident. No vulnerabilities or exposed sensitive data were detected in the content. The WHOIS data is consistent with the business claims, showing no privacy protection or suspicious registration patterns. Overall, the website demonstrates a high level of professionalism, compliance, and technical maturity, with room for improvement in explicit security policy disclosures and security header implementations.

M

MASLATON Rechtsanwaltsgesellschaft mbH

maslaton.de

42

MASLATON Rechtsanwaltsgesellschaft mbH is a German law firm specializing in renewable energy law, air traffic law, and other civil and public law areas. With headquarters in Leipzig and branches in Munich and Cologne, the firm serves businesses, municipalities, and aviation clients. It holds a strong market position as a top-ranked law firm in energy law, offering comprehensive legal services including wind energy, biomasse, photovoltaic, and electromobility. The website reflects a professional and trustworthy brand with clear contact channels and client testimonials. Technically, the website uses modern web technologies including Matomo analytics configured for privacy, SVG icons, and responsive design. Hosting is via kasserver.com, and the site is served over HTTPS with good SSL configuration. However, no explicit cookie consent mechanism or advanced security headers were detected, indicating room for improvement in privacy compliance and security hardening. Security posture is solid with no visible vulnerabilities or exposed sensitive data, but the absence of a security policy or incident response contacts suggests limited transparency in security governance. The firm demonstrates GDPR compliance through a comprehensive privacy policy and cookie-less tracking setup. Overall, the website and domain registration data align well, indicating a legitimate and credible business presence. Strategic recommendations include implementing cookie consent, enhancing security headers, and publishing security and incident response policies to further strengthen trust and compliance.

B

BNW Bundesverband Nachhaltige Wirtschaft e.V.

bnw-bundesverband.de

61

BNW Bundesverband Nachhaltige Wirtschaft e.V. is a well-established German non-profit association founded in 1992, focused on promoting sustainable and socially responsible economic practices. It serves as a network and political voice for progressive companies committed to ecological and social transformation. The website is professionally designed using Drupal 10, optimized for mobile, and includes rich content such as member testimonials, news, and event information. The technical infrastructure is modern and hosted by Hetzner, with good performance and accessibility standards. Security posture is strong with HTTPS and cookie consent mechanisms, though some security headers and explicit incident response policies are not visible. The domain registration is consistent with the organization's history and location, indicating legitimacy and trustworthiness.

G

glagolITico d.o.o.

glagolitico.hr

43

glagolITico d.o.o. is a Croatian IT consulting company specializing in CRM and contact center solutions, with a strong focus on SAP Sales and Service Cloud implementations and Sinch Contact Pro products. The company targets large and complex organizations across multiple industries including telecommunications, energy, manufacturing, and finance. Their market position is reinforced by their SAP PartnerEdge membership and multiple certifications from recognized vendors such as Oracle and TMforum. The website presents a professional image with clear business information and a detailed project portfolio. Technically, the website uses standard web technologies including HTML5, CSS3, JavaScript, and jQuery, with some integration of Google APIs. Hosting is managed through CARNET, a Croatian academic and research network, which aligns with the company's location. The site shows basic mobile optimization and moderate performance but lacks advanced SEO and accessibility features. From a security perspective, the site does not display visible security headers or privacy and cookie policies, indicating gaps in GDPR compliance and security best practices. No forms or data collection mechanisms are present, reducing immediate risk exposure. WHOIS data is consistent with the business claims, supporting legitimacy. Overall, the security posture is moderate but could be improved by implementing HTTPS, security headers, and privacy documentation. The overall risk is moderate with no critical vulnerabilities detected. Strategic improvements in privacy compliance and security hardening would enhance trust and regulatory adherence.

C

Copy Electronic

copy-electronic.hr

50

Copy Electronic is a well-established Croatian company specializing in the sale, rental, and servicing of IT equipment, including printers, scanners, projectors, and related office technology. With a domain registered since 1997 and a clear focus on business customers, the company positions itself as a reliable provider of comprehensive office IT solutions. Their online presence includes a webshop with a broad product catalog and customer service features such as live chat and clear contact details. Technically, the website employs modern analytics tools like Google Analytics and Microsoft Clarity, and uses Google Tag Manager for marketing and tracking purposes. The site is hosted under a Croatian registrar (CARNET), uses HTTPS, and shows good compliance with GDPR and cookie regulations. However, explicit security policies and incident response contacts are not found, which could be improved to enhance trust and security posture. Overall, the website is professional, user-friendly, and trustworthy, serving a medium-sized business audience in Croatia.

D

Danone

danone.lt

65

Danone.lt is the Lithuanian regional website of Danone, a global leader in the food and beverage industry specializing in dairy, plant-based products, water, and specialized nutrition. The site serves as a corporate and consumer information portal tailored to the Lithuanian market. The website is built on WordPress and incorporates modern web technologies including Google Tag Manager, Google reCAPTCHA, and OneTrust for cookie consent, reflecting a mature digital infrastructure. Performance and mobile optimization are adequate, though accessibility features could be enhanced. Security posture is solid with HTTPS enforced and use of anti-bot mechanisms, but lacks explicit security headers and published security policies. Privacy compliance is strong, with GDPR-aligned cookie consent and a comprehensive privacy policy. Overall, the site projects a professional and trustworthy image consistent with a large multinational enterprise.

D

DANONE

danone.pl

10

Danone Poland operates as part of the global Danone group, focusing on dairy, plant-based products, water, and specialized nutrition. The website reflects a mature enterprise with a strong market position and a commitment to sustainability and health. The digital infrastructure uses modern web technologies including Bootstrap, jQuery, and Google Tag Manager, supported by New Relic for performance monitoring. Security posture is solid with HTTPS and no blocking mechanisms, though improvements in DNSSEC and security headers are recommended. Privacy compliance is basic with no explicit privacy or cookie policies detected in the provided content. Overall, the site is professional and trustworthy, targeting general consumers interested in nutrition and health.

V

Volvic

volvic.be

64

Volvic Belgium operates a professionally designed website targeting French-speaking consumers in Belgium, offering a range of natural mineral water and flavored water products with a strong emphasis on sustainability and environmental protection. The website is built on TYPO3 CMS and integrates modern JavaScript libraries and tracking tools, reflecting a mature digital infrastructure. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, although some security headers could be improved. The lack of WHOIS transparency is mitigated by the professional presentation and presence of privacy policies, trusted retail partners, and social media channels. Overall, the website demonstrates a credible and trustworthy business presence in the retail beverage sector.

S

Sport 360

sport360.hr

58

Sport 360 is a Croatian sports marketing agency providing specialized marketing services within the sports sector. The company targets sports organizations and businesses in Croatia, positioning itself as a local expert in sports marketing. The website is professionally designed using the Wix platform, featuring good content quality and consistent branding. Technical infrastructure relies on Wix's Thunderbolt framework and standard polyfills, ensuring moderate performance and good mobile optimization. Security posture is basic with HTTPS enabled but lacks advanced security headers and privacy compliance mechanisms. Overall, the site is functional and credible but would benefit from enhanced privacy and security features.

W

Willkommen in MV

willkommeninmv.de

53

Willkommen in MV is a regional government and non-profit portal dedicated to providing comprehensive integration support services for migrants and refugees in Mecklenburg-Vorpommern, Germany. The website offers extensive categorized information on social services, language courses, job centers, medical and psychosocial help, and legal advice. It targets migrants, refugees, and residents seeking integration assistance, positioning itself as a key public service resource in the region. The business model is primarily public service funded, focusing on accessibility and community support.

3

3sat / Satellitenfernsehen des deutschen Sprachraums

3sat.de

61

3sat is a well-established public broadcasting media platform serving the German-speaking audience with a focus on cultural, scientific, and societal content. The website offers video streaming, live TV, documentaries, and magazines, positioning itself as a trusted source of quality media content. It operates under the umbrella of ZDF, a major German public broadcaster, ensuring strong market presence and credibility. The platform targets a general audience interested in educational and cultural programming.

Z

Zagrebačka filharmonija

zgf.hr

48

Zagrebačka filharmonija is a well-established Croatian cultural institution specializing in classical music performances and orchestral concerts. With a domain age dating back to 2003 and registration through a reputable Croatian registrar (CARNET), the organization demonstrates a stable and credible presence in the cultural sector. The website serves as a comprehensive portal for concert schedules, ticket sales, news, and educational projects, targeting classical music enthusiasts and the general public in Croatia. The institution maintains active social media channels and partnerships with media outlets and ticketing platforms, enhancing its outreach and engagement.

G

GNK Dinamo

gnkdinamo.hr

11

GNK Dinamo is a prominent Croatian football club with a well-established digital presence, offering comprehensive services including news, membership, ticketing, merchandising, and academy information. The website targets football fans and club members, providing a professional and engaging user experience. The technical infrastructure leverages modern web technologies, including Cloudflare DNS, Google Analytics, Microsoft Clarity, and Facebook Pixel for analytics and marketing. Hosting is managed by a Croatian provider, ensuring regional consistency. Security posture is strong with HTTPS enforced and secure forms, though formal security policies and incident response details are absent. Privacy compliance is robust with clear policies and cookie consent mechanisms. Overall, the website demonstrates high professionalism, trustworthiness, and digital maturity.

W

WTSH GmbH

kuenstliche-intelligenz.sh

11

KI.SH is a regional open network initiative operated by WTSH GmbH, focused on promoting and facilitating the adoption of Artificial Intelligence technologies in Schleswig-Holstein, Germany. The platform offers tailored AI solutions, access to scientific research, workshops, funding opportunities, and networking for businesses and organizations in the region. The website is professionally designed, content-rich, and well-structured, targeting companies interested in leveraging AI for their challenges. Technically, the site uses the gradwerk CMS with standard web technologies and includes accessibility and SEO best practices. Security posture is solid with HTTPS and domain transfer protections, though DNSSEC is not enabled and no explicit security policy or incident response information is published. Privacy compliance is strong with comprehensive cookie consent and privacy policies. Overall, the site reflects a credible, government-affiliated business support platform with a clear mission and professional execution.

APECHAIN is a blockchain technology platform that serves as a hub for decentralized applications, NFT marketplaces, gaming, and DeFi services on the ApeChain blockchain. It offers a diverse ecosystem including developer tools, bridges, and swap services, targeting web3 developers, gamers, and NFT enthusiasts. The platform integrates multiple partner applications, enhancing its market position as a comprehensive web3 ecosystem. Technically, the website is built using modern web technologies such as React and Next.js, hosted on Cloudflare with Contentful CMS for content management. The site demonstrates good performance and mobile optimization, with proper security headers and HTTPS enforcement. However, there is room for improvement in accessibility and SEO features. From a security perspective, the site employs strong HTTPS and security headers, but lacks DNSSEC and a public vulnerability disclosure policy. No privacy or cookie policies were found, indicating compliance gaps. Contact information is not explicitly provided, which may affect user trust and incident response readiness. Overall, the website is professional and functional with a moderate security posture. Strategic improvements in privacy compliance, security transparency, and user contact channels are recommended to enhance trust and regulatory adherence.

O

Oasys | The Blockchain for Asia and Beyond

oasys.games

61

The website www.oasys.games appears to be a Wix-hosted site with minimal accessible content and no visible business or contact information. The lack of WHOIS data and absence of privacy, cookie, or terms of service policies indicate low transparency and limited compliance maturity. Technically, the site uses standard Wix technologies and polyfills but lacks advanced SEO, accessibility, and security features. No security headers or HTTPS confirmation were found, which raises concerns about the security posture. Overall, the site presents a low trust profile with limited business credibility and technical sophistication.

SC Networks GmbH operates a marketing automation platform branded as Evalanche, with the analyzed website serving as a secure login portal for existing users. The site is minimalistic, focusing solely on authentication without public-facing content such as privacy policies or contact information. The technical infrastructure leverages AWS DNS services and standard web technologies, but lacks advanced security headers and DNSSEC, indicating moderate digital maturity. Security posture is adequate but could be improved by implementing modern security best practices and visible compliance documentation. Overall, the domain registration is consistent and legitimate, supporting the business's credibility. The absence of public policies and contact details limits transparency and user trust.

E

ee-hub

ee-hub.de

54

ee-hub.de is a professional platform focused on the renewable energy sector, providing industry news, event management, and educational content primarily targeting energy professionals in Germany. The website leverages modern web technologies including Laravel and the Statamic CMS, hosted on DigitalOcean infrastructure, and integrates Google Tag Manager for analytics. Security posture is solid with HTTPS enforced, though improvements in security headers and explicit cookie consent mechanisms are recommended. Privacy policies and terms of service are present and comprehensive, supporting GDPR compliance. Overall, the site presents a trustworthy and professional digital presence with moderate technical maturity and good user experience.

The website 'Ondervoeding op het Menu' is a Dutch-language health awareness campaign managed by Nutricia, a subsidiary of Danone. It focuses on educating the public about undernutrition, especially related to illness, targeting the general Dutch population including elderly and caregivers. The site offers educational content, downloadable campaign materials, and contact options for further support. Technically, the site is built on Adobe Experience Manager hosted on Adobe AEM Cloud, using modern web technologies and tracking tools such as Adobe Helix RUM and TagCommander. The website is mobile-optimized with good SEO and accessibility basics. Security posture is solid with HTTPS enforced and cookie consent implemented, though it lacks explicit security headers and published security policies. The domain registration is consistent with the business and geographic focus, enhancing trustworthiness. Overall, the site is professional, trustworthy, and serves its awareness purpose effectively.

B

BDO Concunia GmbH Wirtschaftsprüfungsgesellschaft

bdo-concunia.de

71

BDO Concunia GmbH Wirtschaftsprüfungsgesellschaft is a medium-sized professional services firm based in Germany, specializing in auditing, tax consulting, legal advice, and advisory services. The company operates as part of the global BDO network, targeting business and public sector clients. The website reflects a professional and consistent brand image with a focus on service offerings and client engagement through a contact form. Technically, the site uses modern web technologies including Kentico CMS, Cookiebot for cookie consent management, Google Tag Manager, and Microsoft Application Insights for telemetry. The site is hosted likely via Deutsche Telekom infrastructure, ensuring reliable DNS and hosting services. Security posture is good with HTTPS enforced and anti-forgery tokens in use, although some security headers are missing. Privacy compliance is strong, with a comprehensive privacy policy and cookie consent mechanism aligned with GDPR requirements. No critical vulnerabilities or suspicious patterns were detected. Overall, the website demonstrates a solid digital presence with room for improvement in SEO metadata and explicit contact information.

W

Wind Service Offshore GmbH

predixxion.com

11

Predixxion is a specialized AI-powered platform focused on optimizing wind farm performance through predictive analytics and machine learning. The company, operating under Wind Service Offshore GmbH, offers advanced solutions for risk-based operations and maintenance management, targeting wind farm owners and operators. Their platform enhances turbine uptime, reduces costs, and extends asset lifetimes, positioning them as an innovative player in the renewable energy sector. Technically, the website is built on modern frameworks such as Next.js and React, hosted likely on Vercel, delivering fast performance and excellent mobile optimization. Security posture is strong with HTTPS, security headers, and secure forms, though explicit security policies and incident response contacts are absent. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. The missing WHOIS registration data is a notable concern but does not detract significantly from the overall trustworthiness given the professional presentation and business transparency. Strategic recommendations include publishing detailed security and incident response policies and verifying domain registration details to enhance trust.

B

BREITZMANN Edelmetalle & Diamanten GmbH & Co. KG

breitzmann-edelmetalle.de

9

BREITZMANN Edelmetalle & Diamanten GmbH & Co. KG operates as a local precious metals and diamond trading business based in Bayreuth, Germany. The company offers services including buying and selling gold, silver, diamonds, jewelry, and watches, with a focus on immediate cash payments and free valuations. Their market position is that of a trusted local partner for individuals and investors interested in precious metals and stones. The website content is primarily in German and targets local customers seeking reliable precious metal transactions. Technically, the website employs a modern tech stack including HTML5, CSS3, JavaScript, jQuery, Google Tag Manager, Facebook SDK, and Cookiebot for cookie consent management. The site is served over HTTPS, uses Google reCAPTCHA for form security, and integrates tracking tools for analytics and marketing. However, it lacks advanced security headers and comprehensive privacy and security policies, indicating room for improvement in compliance and security posture. From a security perspective, the site benefits from HTTPS encryption and anti-bot measures but does not publish incident response contacts or security policies. No vulnerabilities or suspicious content were detected. The absence of privacy and terms of service pages represents a compliance gap, especially under GDPR. Overall, the site demonstrates a moderate security maturity level with good business credibility but requires enhancements in privacy and security transparency. The overall risk assessment is moderate with no critical issues detected. Strategic recommendations include implementing security headers, publishing privacy and terms of service documents, establishing incident response contacts, and improving accessibility and compliance features to enhance trust and security culture.

H

HADO-SPORT

hado-sport.de

36

HADO-SPORT is a small German sports retail business specializing in branded products for table tennis, tennis, and football. The website provides basic information about the company, its services, and brand partnerships, targeting sports enthusiasts and clubs. The technical infrastructure is simple, relying on standard HTML, CSS, JavaScript, and Google Analytics for tracking. Hosting is provided by domainFACTORY. Security posture is basic with no advanced headers or policies detected, and privacy compliance is lacking due to absence of privacy and cookie policies. Overall, the website is functional but could benefit from modernization and improved compliance.

The website 'LitVideo Trailer-Datenbank' operated by qub media GmbH provides a niche service focused on the online distribution of book trailers for publishers, authors, bloggers, and online shop operators. The platform aims to enhance marketing efforts by integrating video content to increase user engagement and conversion rates. The business model centers on providing a specialized media service within the German market, targeting a small-sized company profile with consistent branding and a clear service offering. Technically, the website employs a basic but functional technology stack including HTML, CSS, JavaScript with jQuery, and Google Analytics for tracking. Hosting appears to be managed via generic German hosting providers as inferred from the nameservers. The site shows moderate performance and basic mobile optimization but lacks advanced SEO and accessibility features. No CMS or modern frameworks were detected. From a security perspective, the site lacks visible security headers and cookie consent mechanisms, despite using Google Analytics, which raises privacy compliance concerns. HTTPS status and SSL configuration could not be confirmed from the data provided. No incident response or security policies are published, and no forms or input fields were detected to assess input security. The WHOIS data is structured and publicly available, with no privacy protection, supporting legitimacy, though the domain status 'connect' is unusual. Overall, the website is functional and serves its business purpose but requires improvements in security posture, privacy compliance, and technical modernization to enhance trust and user experience. Strategic recommendations include implementing HTTPS with strong SSL, adding security headers, deploying cookie consent mechanisms, and publishing clear security and incident response policies.

T

TRP

trpparts.com

9

TRP operates an e-commerce platform specializing in automotive parts and accessories, targeting vehicle owners and automotive professionals primarily in the United Kingdom and Europe. The website is professionally designed with multi-language support, indicating a broad international audience. The technical infrastructure leverages modern web technologies such as React.js and is hosted on Microsoft Azure, ensuring scalability and reliability. Google Tag Manager is used for analytics and marketing tracking, reflecting a standard digital maturity level. Security posture is adequate with HTTPS enforced; however, the absence of visible privacy and cookie policies, security headers, and incident response information indicates areas for improvement. Overall, the website is legitimate and professionally managed, but enhancements in privacy compliance and security transparency are recommended to strengthen trust and regulatory adherence.