Security Directory

R

Ratchet and Wrench

ratchetandwrench.com

59

Ratchet and Wrench is a leading trade magazine serving the auto care industry, providing news, insights, multimedia content, and educational resources for auto repair shop owners and operators. The website demonstrates a mature digital presence with a modern technology stack based on Nuxt.js and Vue.js, delivering a rich user experience with responsive design and clear navigation. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, although explicit security policies and incident response information are not publicly available. The absence of WHOIS data for the domain is a notable anomaly that slightly reduces overall trustworthiness. Strategic recommendations include enhancing transparency around security policies, publishing vulnerability disclosure information, and improving domain registration visibility to strengthen business credibility.

Erfurt-Crowd is a localized crowdfunding platform operated by fairplaid GmbH, focusing on supporting projects in culture, art, social, education, environment, and sports sectors within the Erfurt community. The platform facilitates project fundraising by providing a digital space for project initiators and supporters to connect. The website demonstrates a clear market position as a regional crowdfunding facilitator with a business model centered on community engagement and project funding. Technically, the website employs modern JavaScript frameworks including React, integrates Google Analytics with IP anonymization, and uses Klaro for cookie consent management. Accessibility is enhanced through Eye-Able tools, and the site is mobile optimized with good SEO practices. The technical infrastructure is solid, leveraging Fairplaid's crowdfunding technology platform. From a security perspective, the site enforces HTTPS with good SSL configuration and includes privacy compliance mechanisms such as cookie consent and a privacy policy. However, explicit security headers and detailed security policies are absent, and no incident response or vulnerability disclosure information is provided. No critical vulnerabilities or suspicious patterns were detected. Overall, the website is professional, trustworthy, and compliant with GDPR requirements. The absence of direct contact information and terms of service pages are minor gaps. The domain WHOIS data aligns well with the website's claims, supporting legitimacy. The site is safe for general audiences with no adult or questionable content detected.

Haiilo GmbH operates the Haiilo Home platform, a 360° employee communications solution designed to enhance team spirit, motivation, and organizational culture. The platform offers services such as intranet, social networking, collaboration, and content management targeted at organizations seeking to improve internal communications. The website content is minimal and primarily serves as a shell for the Haiilo platform, relying heavily on JavaScript for rendering. The technical infrastructure includes modern web technologies and hosting via Google Cloud DNS, but lacks visible SEO optimization and accessibility features. Security posture is basic, with no HTTPS enforcement or security headers detected in the provided data, and no privacy or cookie policies present, indicating compliance gaps. Overall, the website presents a moderate risk profile with room for significant improvements in security, privacy compliance, and content richness.

T

Taywa GmbH

taywa.ch

58

Taywa GmbH is a Swiss digital agency specializing in the conception and programming of websites, browser-based software, and mobile applications. With nearly 20 years of experience, the company positions itself as an effective and customer-oriented service provider targeting businesses seeking modern digital solutions. The website reflects a professional and polished digital presence with modern technologies such as Three.js and Swiper.js enhancing user experience. However, the absence of privacy and cookie policies indicates a compliance gap with GDPR and related regulations. Security posture is generally good with HTTPS enforced and no visible vulnerabilities, but lacks published security policies or incident response information. Overall, Taywa presents a credible and trustworthy business with room for improvement in privacy compliance and security transparency.

M

Meta

instagram.de

77

Instagram is a globally recognized social media platform owned by Meta Platforms, Inc. It enables users to share photos and videos, connect socially, and engage with content through a highly interactive interface. Instagram holds a leading market position in the social networking industry, supported by a robust advertising business model. The platform targets a broad general audience worldwide and operates at an enterprise scale with extensive technical infrastructure.

H

Hamburgische Schiffbau-Versuchsanstalt GmbH

hsva.de

47

Hamburgische Schiffbau-Versuchsanstalt GmbH (HSVA) is a well-established private and independent maritime service and consulting company based in Hamburg, Germany. Founded in 1913, HSVA specializes in maritime hydrodynamics, aerodynamics, and arctic technology, providing innovative solutions and world-class experimental testing facilities to clients worldwide. The company is recognized for its contributions to greener shipping and sustainable marine environments, holding a strong market position supported by national and international research collaborations. Technically, the HSVA website employs modern frontend technologies including Bootstrap and AOS for animations, alongside a robust cookie consent management system (ConsentFriend/Klaro!). The site is mobile-optimized with good SEO practices and moderate performance. While HTTPS is enforced, security headers are not explicitly detected, suggesting room for improvement in security hardening. From a security perspective, HSVA demonstrates a solid baseline with HTTPS and cookie consent mechanisms. However, the absence of explicit security policies, incident response contacts, and security.txt files indicates potential gaps in transparency and vulnerability management. No critical vulnerabilities or blocking mechanisms were detected, and the domain WHOIS data aligns well with the company’s identity and location, supporting legitimacy. Overall, HSVA presents a professional, trustworthy online presence with strong business credibility and compliance with privacy regulations. Strategic enhancements in security headers, incident response disclosures, and accessibility could further strengthen their security posture and user trust.

SDC Ship Design & Consult GmbH is a specialized consultancy firm focused on the maritime shipping industry, offering ship design, engineering, and consultancy services. Their expertise spans various ship types including tankers, container ships, yachts, and research vessels, with services covering feasibility studies, steel design, mechanical engineering, and consultancy on alternative fuels and efficiency optimization. The company targets shipping industry professionals and ship owners, positioning itself as a niche player in maritime consultancy. Technically, the website is built with basic HTML, CSS, and JavaScript without modern frameworks or CMS. The hosting is provided by kasserver.com, a professional hosting provider. The site lacks mobile optimization and accessibility features, and no analytics or tracking technologies are detected. Performance is moderate with a fixed-width layout and minimal dynamic content. From a security perspective, the site does not show evidence of HTTPS enforcement or security headers, which are critical for protecting user data and ensuring trust. There is no visible privacy or cookie consent mechanism, and no incident response or security policy information is provided. The WHOIS data is consistent and indicates a legitimate domain registration with no privacy protection, appropriate for the business type. Overall, the website is functional but basic, with room for improvement in security posture, privacy compliance, and technical modernization. Strategic enhancements in HTTPS implementation, security headers, mobile responsiveness, and privacy mechanisms would significantly improve trust and compliance.

The Shadowserver Foundation is a well-established nonprofit organization dedicated to improving Internet security globally by providing free, actionable cyber threat intelligence and remediation reports. Their services target network providers, national governments, law enforcement, and industry sectors, positioning them as a key player in the cybersecurity nonprofit space. The website reflects a professional and consistent brand image with comprehensive content and strong trust indicators such as media coverage and partnerships. Technically, the website is built on WordPress 6.8.3 with modern web technologies including Google reCAPTCHA for form security and Google Fonts for typography. The site is mobile-optimized, accessible, and SEO-friendly, with moderate performance. Security best practices are observed with HTTPS enforced and GDPR-compliant cookie consent mechanisms, although explicit security headers and a dedicated security policy page are absent. The security posture is strong with no visible vulnerabilities or exposed sensitive data. However, the absence of a security.txt file and incident response contact details suggests room for improvement in vulnerability disclosure and incident management transparency. WHOIS data is unavailable due to privacy protection, which is justified for this nonprofit entity. Overall, the website is trustworthy, secure, and professionally maintained. Strategic recommendations include enhancing security headers, publishing a formal security policy and incident response contacts, and implementing a security.txt file to facilitate vulnerability reporting. These steps will further strengthen the organization's security posture and stakeholder trust.

T

Task Force CSIRT

trusted-introducer.org

73

The Task Force CSIRT website serves as a central hub for cybersecurity incident response teams, focusing on fostering a trusted community with a European emphasis. It offers core services including community collaboration, training through TRANSITS, and the Trusted Introducer infrastructure which maintains a directory of cybersecurity teams. The website positions itself as a key player in the cybersecurity incident response ecosystem, targeting professionals and organizations involved in security operations and incident handling. Technically, the website employs modern web technologies such as Bootstrap for responsive design, SVG for graphics, and standard CSS and JavaScript. The site is hosted under a reputable registrar (Gandi SAS) with HTTPS enabled, ensuring secure communications. The site demonstrates good mobile optimization and basic accessibility features, though no CMS or advanced frameworks are detected. From a security perspective, the site benefits from HTTPS and domain transfer protection but lacks DNSSEC and explicit security headers. There is no visible incident response contact or vulnerability disclosure policy, and cookie consent mechanisms are absent, which could be improved for compliance. No analytics or tracking scripts are detected, indicating a privacy-conscious approach. Overall, the website is professional, trustworthy, and focused on its niche audience. It could enhance its security posture and privacy compliance by adding DNSSEC, security headers, cookie consent, and clearer contact and policy disclosures.

F

Forum of Incident Response and Security Teams, Inc.

first.org

81

FIRST (Forum of Incident Response and Security Teams) is a globally recognized non-profit organization dedicated to improving cybersecurity incident response through collaboration, training, and standards development. It serves a diverse membership of incident response teams from government, commercial, and educational sectors worldwide. The organization provides key services including incident coordination, special interest groups, training programs, and widely adopted cybersecurity standards such as CVSS and TLP. FIRST maintains a strong market position as a leader in the incident response community with over 800 members globally. Technically, the website demonstrates a mature digital presence with modern HTML5, CSS3, and JavaScript technologies, including integration of a Freshworks support widget. The site is well-structured, mobile-optimized, and provides comprehensive content with good SEO and accessibility features. Performance is moderate, with no critical technical issues detected. From a security perspective, the site enforces HTTPS and follows good security practices, although explicit security headers are not visible in the provided data. The organization publishes detailed policies including privacy, terms of service, and vulnerability disclosure, reflecting a strong compliance posture. No vulnerabilities or exposed sensitive data were detected. The WHOIS data is privacy protected, which is justified for this type of organization. Overall, FIRST presents a low-risk profile with a professional and trustworthy online presence. Strategic recommendations include enhancing security headers, implementing explicit cookie consent, publishing a security.txt file, and improving incident response contact visibility to further strengthen security posture and compliance.

RSVPify is a technology company specializing in event software solutions, including ticketing, check-in, and registration services. Established in 2013, it operates a professional and well-branded website built on WordPress, hosted via Cloudflare. The site integrates multiple marketing and analytics tools such as HubSpot, Hotjar, Braze, Facebook Pixel, and Google Tag Manager, indicating a mature digital marketing strategy. Security posture is solid with HTTPS enforced and domain transfer protections, though DNSSEC is not enabled and security headers are not explicitly detected. Privacy compliance is partial, with a cookie consent mechanism present but no visible privacy policy or terms of service in the provided content. Overall, the website is professional, trustworthy, and targets event organizers and planners with a SaaS business model.

S

Seznam.cz, a.s.

sdovolena.cz

55

Sdovolena.cz is an online travel comparison and booking platform operated under the reputable Czech internet company Seznam.cz, a.s. The website offers a comprehensive search and filtering system for holiday packages, including last minute deals, across a wide range of destinations. It aggregates offers from multiple travel agencies, providing users with detailed information about travel dates, prices, accommodations, and transport options. The site targets Czech-speaking travelers looking for convenient holiday planning solutions. Technically, the site employs modern JavaScript frameworks, integrates with Seznam's login services, and uses analytics and error tracking tools such as Gemius and Sentry. The website is served over HTTPS, ensuring secure data transmission. Privacy and cookie policies are clearly linked and indicate GDPR compliance. However, no direct company contact emails or phone numbers are displayed on the main page, with contact facilitated via forms and help pages. The WHOIS data for the domain is unavailable, which limits domain registration trust analysis, but the affiliation with Seznam.cz strongly supports legitimacy. Overall, the site presents a professional, secure, and user-friendly platform for travel booking in the Czech market.

I

Invia

invia.cz

70

Invia.cz is a prominent online travel agency based in the Czech Republic, offering a broad selection of holiday packages for 2025, including summer and winter trips and last minute deals. The website targets consumers primarily in the Czech Republic and neighboring countries, providing an e-commerce platform for travel bookings. The company positions itself as a leading travel service provider in the region with a professional and user-friendly website. Technically, the site employs modern JavaScript libraries and third-party services such as Sentry for error monitoring, Google Tag Manager for analytics, and Cookiebot for cookie consent management, indicating a mature digital infrastructure. Security-wise, the website enforces HTTPS and implements a detailed cookie consent mechanism, though it lacks some advanced security headers and explicit security policies. Overall, the site demonstrates a good security posture with room for improvement in transparency and incident response readiness. The domain WHOIS data is privacy-protected, which is common for commercial websites, and no suspicious patterns were detected. The website is safe for general audiences with no adult content. Strategic recommendations include enhancing security headers, publishing a security.txt file, and providing clearer security and incident response information to improve trust and compliance.

The Schiffbautechnische Gesellschaft e.V. (STG) is a professional maritime society based in Germany, focused on advancing shipbuilding technology and efficiency. The website serves as a portal for information on their flagship event, the International Conference on Ship Efficiency, along with other maritime industry events, membership services, and technical committees. The organization targets maritime professionals, engineers, and researchers, providing a platform for knowledge exchange and networking. Technically, the site is built on the onTEAM CMS platform with standard web technologies and includes a secure login area for members. Security posture is moderate with HTTPS usage and session management, but lacks visible advanced security headers and anti-CSRF protections. Privacy compliance is basic with a privacy policy present but no explicit cookie consent mechanism detected. The WHOIS data is incomplete and malformed, limiting domain trust verification, but the professional content and consistent branding support legitimacy. Overall, the site is functional, professional, and trustworthy for its audience, though improvements in security and privacy transparency are recommended.

S

Starline Computer GmbH

starline.de

60

Starline Computer GmbH is a well-established German company specializing in secure, scalable, and highly available storage and server solutions tailored for small and medium-sized enterprises (KMU) and enterprise environments. Founded in 1982, the company has built a strong market position with over 40 years of experience, offering a comprehensive range of IT hardware products and services including storage systems, servers, backup solutions, and technical support. Their business model focuses on B2B clients, providing personalized consulting and technical expertise to ensure reliable IT infrastructure solutions. The website reflects a professional and consistent brand image with clear navigation and rich content aimed at their target audience. Technically, the website employs modern web technologies including Matomo for analytics and CookieHub for consent management, ensuring GDPR compliance and user privacy. The site is mobile-optimized, fast-loading, and accessible, hosted likely on LF.net infrastructure. Security posture is strong with HTTPS enforced and secure form handling, though some security headers could be improved. No critical vulnerabilities or exposed sensitive data were detected. Overall, Starline demonstrates a mature digital presence with good privacy and security practices, though it lacks explicit public security policies or incident response contacts. The domain registration data aligns well with the company's business claims, reinforcing legitimacy and trustworthiness. The company maintains active communication channels and social media presence, further supporting its credibility.

A

Aebi Schmidt Group

aebi-schmidt.com

69

Aebi Schmidt Group is a globally recognized leader specializing in intelligent product systems and services for cleaning and clearing traffic areas as well as maintaining green spaces in challenging terrains. Their business model focuses on B2B engagements, targeting municipalities, industries, and service providers in transportation and green area maintenance sectors. The company maintains a strong market position supported by ISO certifications and a comprehensive digital presence. Technically, the website leverages modern JavaScript frameworks such as Vue.js and integrates marketing and analytics tools including Google Tag Manager, Bing Ads, and Matomo, reflecting a mature digital infrastructure. Security-wise, the site enforces HTTPS, implements cookie consent mechanisms, and includes standard security headers, though it lacks a publicly available security policy or vulnerability disclosure page. Overall, the website is professional, secure, and compliant with GDPR, but the absence of WHOIS data introduces some uncertainty regarding domain registration legitimacy.

NHST Holding is a Norwegian holding company owning DN Media Group and NHST Marketing Technology, operating in the media and marketing technology sectors. The company provides independent publications covering shipping, seafood, aquaculture, energy, and business, alongside SaaS products for PR and media monitoring. The website presents professional content targeting business professionals, investors, and media stakeholders, with clear branding and consistent messaging. Technically, the site is built on WordPress with modern SEO practices but lacks some advanced security headers and privacy compliance features. The security posture is moderate with no visible vulnerabilities but missing key policies and incident response information. WHOIS data is missing or unavailable, which raises concerns about domain registration legitimacy despite the professional website presence. Overall, the site is functional and credible but would benefit from improved compliance and security transparency.

The website booksamillion.com is currently inaccessible due to a Cloudflare Turnstile human verification challenge, which blocks direct access to the site's content. Books-A-Million is a well-known large retail company specializing in books and related merchandise, with a domain age consistent with its long-standing market presence. The technical infrastructure leverages Cloudflare services for security and content delivery. Due to the WAF challenge, no detailed content, contact, or policy information is accessible, limiting the ability to assess privacy compliance, security posture, or business credibility fully. The domain registration data is consistent and legitimate, supporting the authenticity of the business. Overall, the site is protected by modern security mechanisms but currently inaccessible for full analysis.

U

Utdanningsdirektoratet and Datatilsynet (collaborative project)

dubestemmer.no

58

DuBestemmer.no is a Norwegian government-backed educational platform collaboratively operated by Utdanningsdirektoratet and Datatilsynet. It provides comprehensive learning resources focused on privacy, internet safety, and critical media literacy targeted at children and youth aged 9 to 18 years, as well as teachers and parents. The site is positioned as an authoritative resource in the Norwegian education sector, emphasizing digital citizenship and responsible online behavior. Technically, the website employs modern JavaScript libraries including jQuery, Microsoft Application Insights, and Matomo Analytics for performance monitoring and user behavior analysis, while respecting user privacy by disabling cookies for tracking. The site appears to be built on the Episerver CMS platform, with good mobile optimization, accessibility, and SEO practices. Hosting details are not explicitly disclosed but analytics are served via udir.matomo.cloud. From a security perspective, the site enforces HTTPS and uses minimal necessary cookies with explicit consent mechanisms. While no advanced security headers were detected, the site avoids collecting sensitive user data on the homepage and demonstrates privacy-conscious analytics usage. The WHOIS data is not publicly available due to Norid privacy policies, which is typical for Norwegian domains. Overall, the domain registration and website content are consistent with a legitimate, government-backed educational service. The overall risk profile is low, with no detected vulnerabilities or suspicious indicators. Strategic recommendations include enhancing security headers, publishing an incident response policy, and adding a vulnerability disclosure mechanism to further strengthen trust and security posture.

O

Ocean Summit

ocean-summit.de

54

Ocean Summit is a non-profit organization dedicated to marine conservation education, actions, and networking primarily in Schleswig-Holstein, Germany. The website serves as a platform to engage marine enthusiasts of all ages through educational programs, events, and media content such as podcasts and magazines. It positions itself as a regional leader in marine protection advocacy and education. Technically, the website is built on WordPress using the Enfold theme and several plugins including EventON and Toolset Blocks. It employs modern web technologies such as jQuery and Google Maps API, and is hosted with domain control services likely provided by GoDaddy. The site is mobile-optimized and SEO-friendly with structured data markup and social media integration. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms, indicating good privacy compliance. However, explicit security headers are not detected, and no formal security policy or incident response information is published. No vulnerabilities or exposed sensitive data were found in the analysis. Overall, the website is professional, trustworthy, and safe for general audiences. It demonstrates good privacy compliance and technical maturity but could improve its security posture by adding security headers and incident response details.

U

Universal Music Group Deutschland

santiano.de

64

Universal Music Group Deutschland operates the official artist website for Santiano, a prominent German shanty-rock band. The website serves as a comprehensive platform for fans to access music, videos, news, tour dates, and merchandise. It integrates multiple streaming and purchasing options from major providers such as Apple Music, Spotify, Amazon Music, and others, reflecting a mature digital music distribution model. The site is well-branded, consistent with Universal Music Group's corporate identity, and targets a broad audience of music enthusiasts. Technically, the site leverages modern web technologies including React and JavaScript frameworks, with good mobile optimization and accessibility features. Security posture is strong with HTTPS enforcement, security headers, and consent management for cookies, aligning with GDPR requirements. No critical vulnerabilities or suspicious elements were detected. Overall, the website reflects a professional, secure, and user-friendly digital presence for a major music label and its artist.

B

Briese Schiffahrts GmbH & Co. KG

briese-research.de

25

BRIESE Research, a division of Briese Schiffahrts GmbH & Co. KG, specializes in the management and chartering of German research vessels, serving scientific institutions and maritime research communities. The company manages a fleet of notable research vessels and collaborates with prominent scientific organizations such as AWI, GEOMAR, and Senckenberg. Their business model focuses on providing comprehensive vessel management, crew recruitment, and logistical support tailored to research needs. The website reflects a niche market position with a medium-sized enterprise footprint in Germany.

D

Društvo Ujedinjenih Građanskih Akcija

dugabih.ba

10

Društvo Ujedinjenih Građanskih Akcija (Duga BiH) is a non-profit organization based in Bosnia and Herzegovina dedicated to supporting children, youth, parents, and professionals through educational and psychosocial programs. The organization positions itself as a leading entity in social inclusion and community support, offering training, counseling, and project-based services. Their website reflects a professional and consistent brand image with clear navigation and relevant content tailored to their target audience. Technically, the site is built on WordPress using modern frameworks and plugins, ensuring good performance and mobile optimization. Security measures such as HTTPS and security headers are properly implemented, although explicit privacy and cookie policies are missing, representing a compliance gap. Overall, the domain registration data aligns well with the organization's claims, supporting the legitimacy of the site.

E

expondo

expondo.hu

61

Expondo.hu is a well-established e-commerce platform specializing in professional tools, equipment, and related products primarily targeting businesses and professional customers in Hungary and across Europe. The company boasts over 17 years of market presence, offering a broad product catalog with categories ranging from gastronomy to industrial tools. The website is built on modern technology, specifically Vue Storefront 2, and integrates multiple marketing and analytics tools such as Google Tag Manager and Exponea. While the site demonstrates good design quality, mobile optimization, and user experience, it lacks explicit privacy and terms of service documentation in the provided content. Security posture is solid with HTTPS enabled and cookie consent mechanisms in place, but could be improved by adding security headers and publishing security policies. Overall, the domain registration data aligns well with the business claims, indicating high legitimacy and trustworthiness.

D

DEMY.HU

demy.hu

52

DEMY.hu is a Hungarian e-commerce retailer specializing in electronic products such as electric dog collars, wireless alarms, and GPS navigation and tracking devices. The website targets Hungarian consumers interested in pet electronics and security solutions, positioning itself as a specialist in this niche market. The site is well-branded with consistent design and localized content for neighboring countries through sister sites. Technically, the website employs modern JavaScript libraries and integrates third-party analytics and advertising tools, including Google Analytics, Google Tag Manager, and ClickCease, indicating a moderate level of digital maturity. However, the absence of explicit privacy and cookie policies, as well as terms of service, suggests gaps in compliance and transparency. Security-wise, the site uses HTTPS and some best practices but lacks comprehensive security headers and incident response information, which could be improved to enhance trust and protection. Overall, the website is functional and professional but would benefit from enhanced privacy compliance and security documentation to strengthen its risk posture and user trust.

O

OEMUS MEDIA AG

designpreis.org

53

The website designpreis.org serves as the official platform for the ZWP Designpreis, an established German award recognizing outstanding dental practice designs. Operated by OEMUS MEDIA AG, the site provides comprehensive information about the competition, showcases winners, and facilitates applications. The target audience includes dental professionals and architects interested in innovative dental office design. Technically, the site is built on WordPress 6.8.2, uses Matomo for privacy-conscious analytics, and hosts media assets on Amazon S3, reflecting a moderate level of digital maturity. Security posture is adequate with HTTPS enforced and domain transfer protections, but lacks DNSSEC and security headers, indicating room for improvement. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is professional, trustworthy, and well-aligned with its niche business purpose.

A

ABCedu, a.s.

abcguru.sk

37

ABCguru is an educational platform operated by ABCedu, a.s., focused on providing autokorektívne kartičky (self-correcting cards) for mathematics learning targeted at primary school children in Slovakia. The business model combines physical product sales with an online application, catering to students, parents, and schools. The website is professionally designed with clear navigation and relevant content, including instructional videos and contact information. Technically, the site uses modern web technologies such as Bootstrap and Google Analytics, with responsive design suitable for mobile devices. However, there is a lack of publicly available privacy and cookie policies, and no visible security headers, which are areas for improvement. The security posture is moderate with HTTPS implied but no explicit security policy or incident response information. Overall, the website is safe, trustworthy, and focused on educational content without any adult or questionable material.

B

BRAND FAMILY s.r.o.

brand.family

55

BRAND FAMILY s.r.o. operates the website brand.family, presenting itself as a marketing and brand consulting business under the brand 'Mindless'. The company targets business owners seeking honest and realistic advice on marketing, branding, and business growth. The website is professionally designed with clear navigation and content in Czech, indicating a focus on the Czech market. Key services include marketing consulting and brand advisory, positioning the company as a niche player in the consulting sector. Technically, the website employs modern JavaScript frameworks, Google Tag Manager, and Google Analytics, ensuring a contemporary digital presence with good mobile optimization and accessibility. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, although some security headers and explicit security policies are absent. WHOIS data is privacy protected, which is reasonable for this business type, but limits direct verification of registrant details. Overall, the website is trustworthy, professional, and compliant with GDPR requirements.

DN Media Group AS is a well-established Norwegian media company specializing in business journalism with a focus on sectors such as shipping, seafood, aquaculture, and energy. The company operates multiple specialized publications and serves a global audience with market insights and breaking news. It is a subsidiary of NHST Holding AS, indicating a strong corporate backing and market presence. The website reflects a professional and consistent brand image with high-quality content tailored to business professionals and industry stakeholders. Technically, the website is built on WordPress with modern SEO optimizations and responsive design, ensuring good user experience across devices. While performance is moderate, the site is well-structured and accessible, though accessibility features could be enhanced. Security posture is solid with HTTPS enabled and no visible vulnerabilities, but lacks some security headers and published security policies. The security evaluation shows no blocking or WAF interference, and no critical vulnerabilities were detected. However, the absence of a cookie consent mechanism and missing WHOIS data are notable gaps. The WHOIS data absence raises questions but is likely due to registry or privacy settings rather than malicious intent. Overall, the site is trustworthy but could improve transparency and compliance aspects. Strategically, DN Media Group should focus on enhancing privacy compliance by implementing cookie consent, publishing security and incident response policies, and improving WHOIS transparency. These steps will strengthen trust and align with regulatory requirements, supporting their position as a leading media group in their sectors.

K

KraftCERT AS

kraftcert.no

70

KraftCERT AS is a specialized non-profit cybersecurity organization focused on securing process control systems within the Norwegian energy sector, including power, petroleum, and related industries. It operates as an Information Sharing and Analysis Center (ISAC) and Incident Response Team (IRT), providing members with vulnerability monitoring, threat intelligence, incident handling, advisory services, exercises, and training. The organization holds recognized certifications such as Trusted Introducer and FIRST membership, reinforcing its credibility and sector-specific expertise. Technically, the website employs a modern Bootstrap framework with JavaScript enhancements, offering a responsive and well-structured user experience. While the site lacks advanced analytics and tracking, it uses email obfuscation and provides PGP keys to secure communications. However, explicit privacy and cookie policies are absent, and no security headers were detected, indicating room for improvement in compliance and security hardening. The security posture is solid in terms of operational focus and incident response capabilities, but the website itself could benefit from enhanced security headers and formalized privacy documentation. The absence of WHOIS data limits domain trust analysis, but the detailed contact information, certifications, and professional presentation support legitimacy. Overall, KraftCERT presents a trustworthy and professional front for its niche cybersecurity services, with recommendations to improve privacy compliance and web security practices to further strengthen stakeholder confidence.

N

Norsk Tipping AS

norsk-tipping.no

65

Norsk Tipping AS is the official Norwegian state-owned lottery and sports betting operator, providing a wide range of gaming products including lotteries, sports betting, and instant games. The website targets Norwegian adults over 18 years and emphasizes responsible gaming with clear age restrictions and links to support organizations. Norsk Tipping holds a leading market position in Norway's regulated gambling sector, offering trusted and popular gaming services. The website content is rich, professionally designed, and well-structured, supporting a positive user experience and clear navigation.

K

KLP

klp.no

70

KLP is a large Norwegian mutual insurance company specializing in managing public sector pensions and offering complementary banking, insurance, and fund services. The company targets Norwegian municipalities, health sector employees, and public organizations, positioning itself as a trusted financial partner in the public sector. The website reflects a mature digital presence with a professional design, clear navigation, and comprehensive content tailored to its audience. Technically, the site uses modern frameworks such as React and Enonic CMS, integrates analytics and personalization tools like Google Tag Manager and Kameleoon, and maintains good performance and accessibility standards. Security posture is strong with HTTPS enforcement and appropriate security headers, although explicit security policies and incident response information are not publicly detailed. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. The absence of WHOIS data is due to privacy protection by Norid, which is common and justified for financial institutions. Overall, KLP's website demonstrates a high level of professionalism, trustworthiness, and compliance suitable for its sector.

Canon Norge operates as the Norwegian branch of the global imaging and printing giant Canon Inc., offering a comprehensive range of digital cameras, lenses, video cameras, printers, and scanners tailored for both consumers and businesses. The website reflects a mature digital presence with a well-structured product catalog, clear navigation, and localized content in Norwegian, targeting the Norwegian market effectively. Canon Norge maintains a strong market position as a leading technology provider in imaging solutions, supported by a consistent brand identity and extensive product offerings. Technically, the website employs modern web technologies including JSON-LD structured data, advanced analytics tools like Google Analytics, Tealium, and Optimizely, and integrates with Salesforce for customer account management. The site is mobile-optimized, accessible, and SEO-friendly, demonstrating a high level of digital maturity. Performance is moderate with room for optimization, but overall the technical infrastructure supports a robust user experience. From a security perspective, the site enforces HTTPS with strong SSL configurations and implements multiple security headers such as Content-Security-Policy and Strict-Transport-Security. Cookie consent mechanisms are in place, and privacy policies align with GDPR requirements. However, there is no publicly available security policy or incident response information, and no vulnerability disclosure program is evident, which could be areas for improvement. Overall, Canon Norge presents a trustworthy and professional online presence with strong business credibility and security posture. The lack of WHOIS data is due to registry privacy policies and is justified given the corporate nature of the entity. Strategic recommendations include publishing a dedicated security policy, establishing a vulnerability disclosure channel, and enhancing performance optimizations to further strengthen the site’s security and user experience.

M

Minel AS

minel.no

66

Minel AS is a Norwegian company specializing in electrical installations for both private and commercial customers primarily in Oslo, Viken, and Innlandet regions. The company operates through a group of 12 subsidiaries, employing over 350 people and generating a turnover of approximately 550 million NOK. Their services include electric vehicle charging, smart home solutions, lighting, electrical safety, and energy-saving measures. The website is professionally designed, mobile-optimized, and uses modern web technologies including React, Google Tag Manager, and Google Maps API. Privacy and cookie policies are clearly presented with consent mechanisms in place. Security posture is good with HTTPS enforced and no visible vulnerabilities, though some security headers could be improved. The domain registration is consistent with the business profile and age, supporting legitimacy. Overall, Minel AS presents a trustworthy and credible digital presence with a focus on customer service and compliance.

G

Goetheanum

goetheanum.ch

56

Goetheanum is a well-established non-profit educational and cultural institution based in Switzerland, serving as the School of Spiritual Science and the seat of the General Anthroposophical Society. The website reflects its mission by providing comprehensive information about its educational programs, cultural events, and anthroposophical research. The institution targets individuals interested in spiritual science and related disciplines, maintaining a strong market position within its niche. Technically, the website employs modern web technologies, including JavaScript frameworks, CSS, and reputable third-party services for cookie management and user engagement, ensuring good performance and mobile optimization. Security posture is strong with HTTPS enforcement, security headers, and no detected vulnerabilities, although there is room for improvement in publishing explicit security policies and incident response information. Overall, the website is professional, trustworthy, and compliant with GDPR and cookie regulations, supporting a positive user experience and business credibility.

U

Universitetet i Innlandet

inn.no

66

Universitetet i Innlandet is a Norwegian public university offering research-based education at bachelor, master, and doctoral levels, along with continuing education programs. The institution serves students, researchers, and academic staff primarily in Norway, maintaining a strong regional presence with multiple campuses. The website reflects a professional and consistent brand image, providing comprehensive information about studies, research, and university news. Technically, the site uses modern JavaScript frameworks, Google Analytics for tracking, and a proprietary CMS (Vortex). It is well-optimized for mobile and accessibility standards, with clear navigation and relevant metadata for SEO. Security posture is solid with HTTPS enforced and cookie consent implemented, though some security headers and vulnerability disclosure mechanisms could be improved. The absence of WHOIS data is due to privacy protection typical for Norwegian domains and does not detract from the site's legitimacy. Overall, the site is trustworthy, well-maintained, and compliant with GDPR requirements.

I

International FXC Organization Inc.

fireballsportfederation.com

61

The International FXC Organization Inc. operates the website www.fireballsportfederation.com, promoting the Fireball Extreme Challenge™ (FXC), a mandatory coed, inclusive team ball sport designed for all genders, ages, and skill levels. The organization positions itself as an emerging global sport federation aiming to redefine athletic competition with a fast-paced cardio ball sport. The website is professionally designed using the Wix platform, featuring structured data with company contact information and a clear business description targeting sports enthusiasts worldwide. Technically, the site leverages Wix's Thunderbolt framework and includes Facebook Pixel for marketing and analytics. The site is hosted on Wix infrastructure with HTTPS enabled, ensuring secure communication. However, the site lacks visible privacy and cookie policies, security headers, and incident response contacts, indicating gaps in compliance and security best practices. The absence of WHOIS registration data for the domain raises concerns about domain legitimacy and trustworthiness. From a security perspective, the site benefits from HTTPS but lacks additional security headers and formal privacy compliance mechanisms. No vulnerabilities or exposed sensitive data were detected in the provided content. The site does not appear to be blocked by any WAF or security challenge, allowing full content access. Overall, the site demonstrates moderate security posture but requires improvements in privacy compliance and domain registration transparency. The overall risk assessment suggests moderate trustworthiness with recommendations to enhance security headers, implement comprehensive privacy and cookie policies, clarify domain registration status, and provide incident response contacts to improve user trust and regulatory compliance.

I

IWG | Ways to get involved

iwgwomenandsport.org

50

The website www.iwgwomenandsport.org appears to be built on the Wix platform but currently presents minimal or blocked content, likely due to security or access restrictions. The WHOIS data is malformed and incomplete, lacking registrar, creation, expiry, and registrant details, which raises concerns about domain legitimacy and transparency. No privacy, cookie, or terms of service policies are present, and no contact information or business details are available on the site. Technically, the site uses standard Wix technologies and polyfills but lacks visible security headers or SSL configuration information. Overall, the site is not currently suitable for trust or business engagement due to its limited content and lack of transparency.

I

ICSBF - International Catch’n Serve Ball Sports Federation

catchandserve-ball.com

46

The International Catch’n Serve Ball Sports Federation (ICSBF) operates as a niche non-profit organization dedicated to promoting the sport of Catch'n Serve Ball globally. The website provides comprehensive information about the federation's activities, including event calendars, membership details, and news updates, positioning ICSBF as a specialized sports federation with a clear focus on community engagement and international sports development. The target audience includes sports enthusiasts, athletes, and sports clubs interested in this emerging sport. Technically, the website employs modern web standards with HTML5, CSS, and JavaScript, and integrates Matomo analytics for user tracking, reflecting a moderate level of digital maturity. The site is mobile-optimized and offers good navigation and content relevance. However, some technical improvements are recommended, such as implementing security headers and enhancing accessibility features. From a security perspective, the site benefits from HTTPS encryption and does not expose sensitive data. Nonetheless, the absence of security headers and lack of published security or incident response policies indicate room for improvement. The missing WHOIS data raises concerns about domain legitimacy, although the professional presentation and valid contact information mitigate some trust issues. Overall, the website is functional, professional, and safe for general audiences, but strategic enhancements in security posture, privacy compliance, and domain registration transparency are advised to strengthen trust and compliance.

C

Corvina Sweeney | mystery writer

corvinasweeney.com

52

The website www.corvinasweeney.com appears to be a minimal Wix-hosted site with very limited content and no visible business or contact information. The absence of WHOIS data for the domain raises significant concerns about the legitimacy and registration status of the domain. Technically, the site uses standard Wix platform technologies and polyfills but lacks advanced SEO, accessibility, and security features. Security posture is weak due to missing security headers and basic SSL configuration. Privacy compliance is poor with no privacy or cookie policies detected. Overall, the site lacks business credibility and trust indicators, making it difficult to assess the business behind it. Strategic recommendations include improving transparency, adding privacy and contact information, and enhancing security configurations.

M

MicroPower Group

micropower-group.com

54

MicroPower Group is a small-sized company founded in 2015 operating in the energy sector, providing power solutions and related services primarily targeting business clients. The website presents basic but relevant content aligned with the energy industry, though it lacks comprehensive business and contact information. The technical infrastructure includes modern web technologies such as HTTPS, Google Tag Manager, and Cookiebot for cookie consent management, indicating a moderate level of digital maturity. However, the absence of security headers and privacy policy pages suggests room for improvement in security and compliance. The WHOIS data is transparent and consistent with the business claims, supporting the legitimacy of the domain. Overall, the website is functional but basic, with moderate security posture and privacy compliance.

A

AWSNA

waldorfeducation.org

60

The website www.waldorfeducation.org represents AWSNA, an established educational organization promoting Waldorf education across North America. The site highlights over 100 years of educational legacy, serving a broad audience of parents and educators interested in Waldorf pedagogy. The business model is non-profit, focusing on providing resources, community engagement, and support for independent Waldorf schools. The website is professionally designed with consistent branding and strong content relevance, targeting families and educational stakeholders. Technically, the site is built on WordPress using modern themes and plugins such as Astra, Yoast SEO, and Smart Slider 3. It employs Google Tag Manager for analytics and tracking. The site is mobile-optimized and performs moderately well, though some accessibility features could be enhanced. Security-wise, HTTPS is enforced, and reCAPTCHA is used to protect forms, but explicit security headers and privacy policies are missing, which could be improved to strengthen compliance and trust. Overall, the security posture is solid but could benefit from enhanced transparency around privacy and incident response. The absence of WHOIS data limits domain trust verification, but the website's professional presentation and social media presence support its legitimacy. Strategic recommendations include publishing comprehensive privacy and cookie policies, implementing security headers, and providing clear incident response contacts to improve compliance and user trust.

The website www.waldorf-international.org represents the Haager Kreis, an international conference and coordinating body for Steiner Waldorf pedagogy. It serves as a global platform for Waldorf educators to exchange knowledge, maintain quality standards, and represent the Waldorf educational movement worldwide. The organization collaborates with several partner institutions and maintains a recognized list of Waldorf schools and kindergartens globally. The website content is primarily in German with some English navigation, targeting educators and institutions involved in Waldorf education. The business model is non-profit and educational, focusing on quality assurance and international cooperation rather than commercial activities. Technically, the website is built on TYPO3 CMS with compressed CSS and JavaScript assets, indicating a moderate level of technical maturity. The site includes a cookie consent mechanism compliant with GDPR and basic privacy policies. However, there is no evidence of advanced security headers or incident response information publicly available. The site is accessible without WAF or security challenges, but the WHOIS data is incomplete and malformed, limiting domain trust verification. Security posture is moderate with room for improvement in implementing security headers and publishing explicit security policies. Privacy compliance is good with clear cookie consent and privacy policy presence. Overall, the site is professional, trustworthy, and serves its educational mission effectively, though technical and security enhancements are recommended to strengthen its posture. The overall risk is low given the non-commercial nature and educational focus, but the lack of WHOIS transparency and security headers slightly reduce trustworthiness. Strategic improvements in security and transparency would enhance credibility and resilience.

BiblioStats is a specialized statistics library and archive dedicated to Farktography contests hosted on Fark.com. It serves a niche community of contest participants and enthusiasts by providing detailed contest statistics, contestant reports, and image galleries. The website is small-scale and community-focused, with a business model centered on information archiving and user engagement through contest data. The site has been operational since 2010, reflecting a stable presence in its niche. Technically, the site is built on ASP.NET Web Forms with Microsoft AJAX, featuring basic design and navigation. It uses PayPal for donations but lacks modern SEO and accessibility features. Security posture is moderate with no DNSSEC, no visible security headers, and no explicit HTTPS confirmation in the provided data. Privacy and cookie policies are absent, and no contact or incident response information is published, which limits compliance and trust. Overall, the site is functional and safe but would benefit from enhanced security, privacy compliance, and professional contact information to improve trust and user confidence.

The domain cardmethod.com currently serves a 404 Not Found error page with no accessible business content. The page content indicates that the domain is used by Admiral (getadmiral.com) to provide copyright access control and privacy consent services for digital publishers. There is no direct business information, contact details, or policies available on the site. The technical infrastructure is hosted on Google Cloud Platform in Europe, with basic use of JavaScript, HTML, and CSS. Security practices are mentioned in the error page content, including encryption and certificate rotation, but no explicit security headers or policies are published. Overall, the site lacks content, business credibility, and privacy compliance indicators, resulting in a low trust and quality score.

The domain scaredslip.com is currently serving a 404 Not Found error page with minimal content. The page indicates that the domain is used by Admiral, a service provider specializing in copyright access control and privacy consent management for digital publishers. The domain is newly registered in October 2023 and hosted on Google Cloud Platform in Europe. The website lacks any business-specific content, contact information, or user interaction elements, limiting its utility as a standalone site. Technically, the site uses standard web technologies (JavaScript, HTML, CSS) and enforces encryption with frequent certificate rotation, but lacks advanced security headers and DNSSEC. Privacy compliance is basic but present, with no third-party cookies or cross-site tracking. Overall, the site functions as a service endpoint rather than a full business website.

R

Reset Digital

resetdigital.co

53

Reset Digital is a creative digital agency specializing in advanced digital marketing and advertising solutions, leveraging innovative technologies such as Neuro-programmatic Targeting and Cognitive Messaging. The company positions itself as a provider of smarter, more persuasive marketing strategies with over 75 years of combined experience in digital and omnichannel marketing. Their services include custom customer data platforms, dynamic ad servers, and comprehensive campaign management, targeting businesses seeking to optimize their marketing spend and brand safety. Technically, the website employs a modern tech stack including Bootstrap, jQuery, and various JavaScript libraries for enhanced user experience and multimedia content delivery. The site is moderately optimized for performance and mobile responsiveness, with a professional design and clear navigation. However, there is room for improvement in accessibility and SEO optimization. From a security perspective, the site uses HTTPS and avoids exposing sensitive data in its HTML content. However, no explicit security headers or incident response policies are visible, indicating a moderate security posture. Privacy compliance is basic, with a privacy policy and terms of service present but no cookie consent mechanism or GDPR-specific indicators. Overall, the website presents a legitimate and professional business with a moderate risk profile. Strategic improvements in security headers, privacy compliance, and transparency around incident response would enhance trust and reduce potential vulnerabilities.

D

De'Longhi Appliances S.r.l

kenwoodworld.com

9

The website www.kenwoodworld.com/de-de represents the German localized site for Kenwood, a brand under De'Longhi Appliances S.r.l. The company specializes in kitchen machines, mixers, and household appliances, targeting general consumers seeking both entry-level and professional-grade products. The site demonstrates a consistent brand presence with good content quality and user experience, leveraging modern web technologies such as React and Chakra UI for a responsive and accessible interface. However, the absence of WHOIS registration details and lack of explicit privacy and cookie policies indicate areas for improvement in transparency and compliance. Security posture is moderate with HTTPS implied but missing explicit security headers and incident response information. Overall, the site is professional and trustworthy but would benefit from enhanced privacy compliance and WHOIS transparency.

The website de.jbl.com is the official German regional e-commerce store for JBL, a globally recognized audio brand under Harman International. It offers a wide range of audio products including speakers, headphones, soundbars, and gaming accessories, with additional services such as product personalization and customer support. The site targets consumers in Germany and the broader European market, positioning itself as a trusted direct sales channel with guarantees like free shipping, returns, and warranty. Technically, the site is built on Salesforce Commerce Cloud, leveraging modern JavaScript libraries and third-party services for analytics, personalization, and bot protection. It demonstrates good digital maturity with mobile optimization, accessibility features, and SEO best practices. Security posture is strong with HTTPS enforcement, security headers, and cookie consent mechanisms, though explicit security policies and incident response contacts are not publicly detailed. Overall, the site is professional, trustworthy, and compliant with GDPR, making it a reliable platform for customers. Recommendations include publishing explicit security and incident response policies and enhancing contact information for security reporting.

S

Online-Galerien für Fotografen mit Slideshow & Online Shop

scrappbook.de

58

Scrappbook.de is a German-based online platform offering photographers the ability to create online galleries with slideshow features and an integrated online shop. The website targets photographers seeking to showcase and sell their photographic works digitally. The business operates within the technology sector, focusing on niche services for the photography community. The platform is built on WordPress using the Total theme, indicating a mature but standard technical infrastructure. The site employs modern analytics and marketing tools such as Google Tag Manager, Segment Analytics, and Intercom, alongside a cookie consent mechanism via Cookiebot, reflecting a moderate level of digital maturity. Security posture is adequate with HTTPS enabled and cookie consent implemented; however, the absence of security headers and explicit privacy policies suggests room for improvement. Overall, the website is professional and trustworthy but would benefit from enhanced transparency and security practices.