High-risk security reports

Č

Česká federace potravinových bank, z.s.

sbirkapotravin.cz

47

Sbírka potravin is a well-established non-profit initiative in the Czech Republic focused on organizing an annual food collection event to support vulnerable populations such as single mothers and elderly individuals. The campaign is supported by major retail chains, social organizations, and government ministries, indicating strong market positioning and trust. The website provides comprehensive information about the event, volunteer opportunities, and partner organizations, targeting the general public and volunteers. Technically, the website employs modern tracking and marketing technologies with appropriate user consent mechanisms, ensuring compliance with privacy regulations. Security posture is good with HTTPS and consent management but lacks some advanced security headers and explicit security policies. The absence of WHOIS data limits domain trust analysis but the website content and partnerships strongly support legitimacy. Overall, the site is professional, trustworthy, and serves an important social cause.

M

Město Lázně Bohdaneč

bohdanec.cz

45

Lázně Bohdaneč is the official municipal website for the town of Lázně Bohdaneč in the Czech Republic. It serves as a comprehensive portal providing residents and visitors with access to municipal services, news updates, event calendars, job vacancies, and contact information. The site targets local citizens and stakeholders interested in town governance and community activities. The business model is that of a local government authority focused on public service and information dissemination. Technically, the website employs modern web technologies including Blazor WebAssembly for interactive components, Google Translate for multilingual support, and a chatbot for user assistance. The site is built on the Vismo CMS platform, which is specialized for municipal websites. The design is responsive and accessible, with good SEO practices and clear navigation, although some performance optimizations could be considered. From a security perspective, the site uses HTTPS and secure form submissions but lacks visible security headers and explicit cookie consent mechanisms. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of WHOIS registration data for the domain raises concerns about domain legitimacy and trustworthiness, which should be investigated further. Overall, the website is professional, trustworthy, and well-suited for its purpose, but improvements in security headers, privacy compliance, and domain registration transparency are recommended to enhance trust and compliance.

M

MAS Holicko o.p.s.

holicko.cz

47

MAS Holicko o.p.s. is a small non-profit organization focused on regional development and community cooperation in the Holicko region of the Czech Republic. Established in 2006, it supports local projects and social services through collaboration with municipalities, entrepreneurs, and citizens. The website reflects this mission with clear content and links to partner organizations. Technically, the site is built on Joomla CMS using modern frameworks like Helix Ultimate and Bootstrap 5, with Google Analytics integrated for visitor tracking. The site is mobile-optimized and presents a professional design with good navigation. Security posture is moderate with HTTPS enabled and cookie consent implemented, but lacks security headers and published privacy or terms documents. WHOIS data is unavailable, limiting domain trust verification. Overall, the site is safe, trustworthy, and serves its community purpose effectively.

F

Ferienhof Hardthöhe

farm-wedding.de

49

Farm Wedding on Hof Hardthöhe is a specialized wedding and event venue located in Germany, offering comprehensive wedding planning and farm event services. The business targets couples seeking a rural, charming location for their wedding ceremonies and receptions, complemented by accommodation options and decoration services. The website is professionally designed using TYPO3 CMS and Bootstrap, providing a good user experience with clear navigation and mobile optimization. Social media integration and a cookie consent mechanism demonstrate digital maturity and privacy awareness. Security posture is adequate with HTTPS and cookie controls, though security headers and incident response information are absent. Overall, the site is trustworthy and well-positioned in its niche market.

F

Ferienhof Wübbold

ferienhof-wuebbold.de

44

Ferienhof Wübbold is a small hospitality business based in Germany offering farm holiday experiences and vacation rentals near the Alfsee area. The website presents a professional and family-friendly image, targeting families and holidaymakers seeking nature and farm-related vacations. The business operates primarily through holiday apartments and houses, emphasizing a niche market in regional farm tourism. Technically, the website is built on Joomla CMS with Bootstrap framework, incorporating modern web technologies such as jQuery and Font Awesome. Accessibility features and cookie consent mechanisms are implemented, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enabled and basic best practices observed, though there is room for improvement in publishing privacy policies, terms of service, and security disclosures. Overall, the website is trustworthy and professionally maintained, with clear contact information and social media presence. No critical security issues or suspicious content were detected.

Gundi.com is a small-scale artist website showcasing and selling unique handcrafted glass sculptures. The business focuses on artistic glass creations including vases, bowls, and wearable art, targeting art collectors and enthusiasts. The website content is basic and primarily informational, with a testimonial to support trust. The site uses very outdated technology (Microsoft FrontPage Express 2.0) and lacks modern web features such as mobile optimization and accessibility enhancements. Technically, the site is hosted on Nexicom's DNS infrastructure but does not demonstrate HTTPS usage or security headers, indicating a weak security posture. No privacy or cookie policies are present, and no contact emails or phone numbers are explicitly listed, limiting user engagement and compliance with privacy regulations. Overall, the site appears legitimate and consistent with the domain age but requires significant modernization and security improvements.

O

OCI informatique

oci-rendeznousmeilleurs.fr

47

OCI informatique operates a professional recruitment website targeting IT professionals in France, offering jobs in cloud, consulting, cybersecurity, development, and infrastructure. The company positions itself as a medium-sized IT services group with a focus on growing its teams through active recruitment. The website is well-structured, uses modern web technologies including WordPress and Elementor, and implements SEO best practices with Yoast SEO. It includes GDPR-compliant cookie consent mechanisms and integrates security features such as Google reCAPTCHA to protect forms. However, explicit security policies and incident response contacts are not published, which could be improved to enhance trust and compliance. The domain registration data is consistent with the business claims, indicating legitimacy and proper domain management.

M

MyMachine Slovakia

mymachine.sk

48

MyMachine Slovakia is a non-profit educational program focused on fostering creative thinking and collaboration among children and youth in Slovakia. The program facilitates the transformation of children's ideas into real inventions through a collaborative process involving students from primary, secondary, and higher education institutions. The website reflects a well-established initiative with strong partnerships, notably with the Karpatská nadácia foundation, and presents a clear mission to nurture innovation and technical education. Technically, the website is built on WordPress using Elementor, with modern web technologies and good SEO practices. It employs HTTPS and cookie consent mechanisms to comply with GDPR, although explicit security policies and incident response contacts are not publicly available. Overall, the site demonstrates a solid security posture with room for enhancement in security headers and incident response transparency.

S

SERO Sekundärrohstoffhandel und Industriedemontagen GmbH

serogmbh.de

46

SERO Sekundärrohstoffhandel und Industriedemontagen GmbH is a specialized industrial service provider based in Lutherstadt Wittenberg, Germany, focusing on demolition, dismantling, hazardous material remediation, and recycling services. Founded in 1990 and now part of the STORK Unternehmensgruppe since 2024, the company serves industrial and chemical sectors with a comprehensive service portfolio including container services and scrap trading. The website reflects a professional and consistent brand presence with clear business information and contact details. Technically, the site is built on TYPO3 CMS with modern web technologies and offers good mobile optimization and SEO practices. Security posture is adequate with HTTPS and cookie consent mechanisms but lacks advanced security headers and incident response disclosures. Overall, the website is trustworthy, safe, and compliant with basic GDPR requirements, supporting the company's credibility in its niche market.

H

Haldenslebener Recycling- und Umweltdienst GmbH

umweltdienst-erxleben.de

42

Haldenslebener Recycling- und Umweltdienst GmbH is a medium-sized environmental services company based in Germany, specializing in recycling, container services, machinery rental, and related activities. As part of the STORK Unternehmensgruppe since 2016, it benefits from group synergies and holds ISO 14001 certification, underscoring its commitment to environmental management. The company targets construction firms, private builders, and industrial clients with a broad service portfolio including waste management and raw material supply. Technically, the website is built on TYPO3 CMS with modern frontend technologies, offering a good user experience and mobile optimization. Security posture is solid with HTTPS and cookie consent mechanisms, though it lacks explicit security policies and advanced security headers. Overall, the site is professional, trustworthy, and compliant with GDPR requirements, with no signs of suspicious or adult content.

R

Recycling OWL GmbH

recycling-owl.de

44

Recycling OWL GmbH is a medium-sized company specializing in the recycling, treatment, and recovery of mineral materials with a focus on metal recovery. As part of the STORK Unternehmensgruppe since 2018, it operates a strategically located facility in Hille with trimodal transport connections (road, rail, and waterway), enabling efficient and environmentally friendly logistics. The website reflects a professional business presence with clear service offerings and a focus on sustainability and logistics efficiency. Technically, the site is built on TYPO3 CMS with modern frontend technologies and demonstrates good mobile optimization and SEO practices. Security posture is solid with HTTPS and cookie consent mechanisms, though it lacks explicit security policies or incident response information. Overall, the domain registration aligns with the business claims, and no suspicious patterns were detected. The site is free from adult or questionable content and maintains a high trustworthiness level.

S

STORK Umwelt GmbH

stork-leipzig.de

46

STORK Umwelt GmbH is a medium-sized German company specializing in recycling, waste management, and resource recovery, primarily serving the Leipzig/Halle region. The company operates under the umbrella of the STORK Unternehmensgruppe and offers a range of services including container services, mobile processing technology, and civil engineering. The website reflects a professional and consistent brand image with clear communication of services and certifications such as ISO 14001:2015. Technically, the site is built on TYPO3 CMS with modern frontend technologies and includes a cookie consent mechanism, indicating a reasonable level of digital maturity. Security posture is adequate with HTTPS and cookie consent but lacks explicit security policies and advanced security headers. Overall, the site is trustworthy, well-structured, and compliant with GDPR requirements.

S

STORK ALU Recycling GmbH

stork-alu.de

44

STORK ALU Recycling GmbH operates as a specialized industrial company focused on the efficient and innovative recovery of metals, particularly aluminum, copper, and stainless steel. Their core business revolves around advanced metal recycling technologies such as the Schwimm-Sink-Anlage (sink-float separation) to ensure high purity in metal recovery. The company is positioned as a competent player within the German manufacturing and recycling sector, serving industrial clients requiring sustainable raw material cycles. The website reflects a professional and consistent brand image aligned with its parent company, Stork Gruppe, and targets industry stakeholders and partners. From a technical perspective, the website is built on the TYPO3 CMS platform, leveraging modern web technologies including JavaScript and CSS, with good mobile optimization and SEO practices. The site is served over HTTPS with a cookie consent mechanism in place, indicating compliance with GDPR requirements. However, some security best practices such as comprehensive security headers and published security policies are absent, representing areas for improvement. Security posture is moderate with no critical vulnerabilities detected in the visible content. The absence of incident response contacts and vulnerability disclosure policies suggests limited transparency in security governance. WHOIS data is minimal but does not raise immediate concerns, though more detailed registrant information would enhance trust. Overall, the site is safe, professional, and compliant with privacy norms but could benefit from enhanced security documentation and technical hardening. Strategically, the company should focus on strengthening its security framework, publishing clear policies, and improving accessibility features to maintain trust and compliance. The digital infrastructure is solid but could be modernized further to improve performance and resilience against emerging threats.

S

STORK Umweltdienste GmbH

stork-mobil.de

44

STORK Umweltdienste GmbH operates as a specialized provider of mobile mineral waste processing technology, focusing on modular mobile solutions for the treatment of slag, ash, construction debris, and dredged material. The company is positioned within the energy and transportation sectors, serving industrial clients requiring on-site processing capabilities. Their business model centers on B2B services with a strong emphasis on modularity and customization. The website reflects a medium-sized enterprise with consistent branding and professional presentation, supported by a parent company, STORK Unternehmensgruppe. Technically, the site is built on TYPO3 CMS with modern web standards, offering good mobile optimization and SEO practices. Security posture is adequate with HTTPS and cookie consent mechanisms, though lacking explicit security policies or incident response contacts. Overall, the site is trustworthy, compliant with GDPR, and provides clear contact channels.

BeSt Bernauer Stadtmarketing GmbH is a small-sized city marketing company founded in 2009, dedicated to promoting the city of Bernau bei Berlin. The company manages cultural events, visitor centers including the UNESCO World Heritage Bauhaus visitor center, and tourist information services. The website reflects a well-structured and content-rich platform targeting residents, tourists, and cultural enthusiasts. Technically, the site uses Contao CMS with modern frontend frameworks like Bootstrap and SwiperJS, and integrates analytics tools such as Google Analytics and Matomo. Security posture is moderate with HTTPS usage but lacks explicit security headers and incident response information. Privacy compliance is limited due to missing privacy and cookie policies. Overall, the site is professional and trustworthy but could improve in privacy and security transparency.

O

OCI informatique

rendeznousmeilleurs.fr

47

OCI informatique operates a professional recruitment website targeting IT professionals in France, offering jobs in cloud, consulting, infrastructure, cybersecurity, and related fields. The company positions itself as a medium-sized IT services group focused on expanding its talent pool. The website is built on WordPress with Elementor and includes modern SEO and privacy compliance features such as cookie consent and GDPR-aligned privacy policies. Technically, the site uses HTTPS, Google reCAPTCHA, and standard web technologies, providing a moderate to good performance and user experience. Security posture is solid but could be improved with additional security headers and explicit incident response policies. The WHOIS data shows an anomalous domain creation date in the future, which requires verification but does not currently impact the website's operational legitimacy. Overall, the site is professional, trustworthy, and compliant with privacy regulations, serving its business purpose effectively.

A

Aszód város

aszod.hu

47

Aszód.hu is the official website of Aszód city in Hungary, serving as a municipal information portal. It provides comprehensive information about the city's geography, history, economy, community life, and events. The website targets residents and visitors seeking official city information and services. The business model is that of a government/public service entity, with a focus on transparency and community engagement. Technically, the site is built on WordPress 6.8.3 using the Astra theme and Elementor page builder, supplemented by plugins for events, search, accessibility, and GDPR compliance. The infrastructure reflects a modern WordPress ecosystem with performance optimizations via WP Rocket. Mobile optimization and accessibility are well addressed, enhancing user experience. From a security perspective, the site enforces HTTPS and uses performance and accessibility plugins that indirectly support security and compliance. However, explicit security headers are missing, and no dedicated security or privacy policies are found. There is no visible incident response or vulnerability disclosure information, which could be improved to enhance trust and compliance. Overall, the website is legitimate, consistent with the domain's WHOIS data, and professionally maintained. The risk level is low, but improvements in privacy transparency and security headers would strengthen the security posture and user trust.

M

Mönchengladbacher Abfall-, Grün- und Straßenbetriebe AöR

mags.de

26

Mönchengladbacher Abfall-, Grün- und Straßenbetriebe AöR (mags) is a municipal public service provider based in Mönchengladbach, Germany, specializing in waste management, green maintenance, and street services. The website serves as an informational portal for residents and businesses in the region, providing details about their service offerings. The site is built on TYPO3 CMS, a widely used open-source content management system favored by government entities, and is hosted on Mittwald servers. The presence of Usercentrics consent management and Matomo analytics indicates a moderate level of digital maturity with attention to privacy compliance. However, the absence of explicit privacy policies and terms of service pages suggests room for improvement in transparency and compliance documentation. Security posture is adequate with HTTPS enabled but lacks visible security headers and formal security policies. Overall, the website is professional, trustworthy, and serves its public sector function effectively.

B

BBW Recycling Mittelelbe GmbH

bbw-recycling.de

46

BBW Recycling Mittelelbe GmbH is a medium-sized German company specializing in the recycling of construction waste and supply of recycled building materials. The company operates a large facility with advanced processing capabilities, serving construction and waste management sectors. Their website is professionally designed using TYPO3 CMS, featuring multilingual support and clear navigation. The technical infrastructure is modern with moderate performance and good mobile optimization. Security posture is adequate with HTTPS and cookie consent implemented, though lacking some advanced security headers and explicit security policies. Overall, the website reflects a trustworthy and compliant business presence with room for security and legal documentation improvements.

S

STORK Unternehmensgruppe

stork-gruppe.de

44

STORK Unternehmensgruppe is a medium-sized, well-established European service company specializing in waste disposal and recycling, with over 30 years of operational history. The group comprises 23 companies across 13 locations, employing more than 460 staff. Their core competencies include mineral waste processing, mobile and stationary recycling technologies, and specialized services such as industrial cleaning, demolition, and hazardous material remediation. The company targets B2B clients across Europe, positioning itself as a leader in efficient metal recovery and sustainable environmental solutions. Technically, the website is built on TYPO3 CMS, featuring modern web technologies and a responsive design, though some performance and accessibility improvements are possible. Security posture is adequate with HTTPS and cookie consent implemented, but lacks explicit security headers and published incident response policies. Overall, the domain and website content align well, supporting legitimacy and trustworthiness.

K

Karpatská nadácia

karpatskanadacia.sk

47

Karpatská nadácia is a well-established non-profit organization founded in 2007, focused on fostering prosperity and social development in Eastern Slovakia. The foundation offers grant funding, community development programs, and humanitarian aid, with a strong emphasis on supporting excluded Roma communities and aiding Ukraine. Their market position is solid within the regional non-profit sector, supported by partnerships with UNICEF and other organizations. The website reflects a professional and consistent brand image, targeting individuals and organizations committed to regional development. Technically, the website is built on a modern WordPress CMS platform using Elementor and Astra theme, hosted by Websupport. It employs contemporary web technologies including jQuery, Google Tag Manager, and CookieYes for cookie consent management. The site is mobile-optimized with good SEO and accessibility basics, though some accessibility features could be enhanced. Performance is moderate, with room for optimization. From a security perspective, the site enforces HTTPS with DNSSEC enabled, employs cookie consent with granular user controls, and integrates tracking tools like Google Analytics, Microsoft Clarity, and Facebook Pixel responsibly. No critical vulnerabilities or exposed sensitive data were detected. However, the site lacks a published security policy and incident response contact information, which are recommended for improved transparency and readiness. Overall, the website is trustworthy, compliant with GDPR, and professionally maintained. Strategic recommendations include enhancing security headers, publishing explicit security and incident response policies, and improving accessibility compliance to further strengthen the security posture and user trust.

C

Centrum pre filantropiu

cpf.sk

40

Centrum pre filantropiu is a well-established Slovak non-profit organization dedicated to fostering philanthropy and charitable giving in Slovakia for over 23 years. The organization connects donors with those in need and manages philanthropic strategies and grant programs. Their website reflects a mature digital presence with clear messaging, professional design, and comprehensive content focused on their mission and projects. Technically, the site is built on WordPress using modern plugins and tracking tools such as Google Tag Manager, Facebook Pixel, and Hotjar, indicating a good level of digital maturity. Security posture is solid with HTTPS and cookie consent mechanisms, though there is room for improvement in publishing explicit security policies and headers. Overall, the site is trustworthy, compliant with GDPR, and provides clear contact information, supporting its credibility as a non-profit entity.

S

SCHWING Stetter

schwing-stetter.fr

42

SCHWING Stetter is a well-established French company specializing in the manufacturing, transport, and fabrication of concrete machinery and equipment. With a history dating back to 1985 and a domain registered since 1998, the company holds a solid market position in the construction and industrial equipment sector. Their key offerings include concrete batching plants, mixers, pumps, and recycling stations, supported by after-sales services and spare parts. The website targets construction professionals and businesses, providing detailed product information and service options. Technically, the website is built on WordPress with modern plugins and optimizations, hosted by OCI CLOUD, ensuring a reliable digital presence. Security measures include HTTPS, Google reCAPTCHA on forms, and cookie consent mechanisms, although some security headers could be improved. Overall, the site demonstrates good content quality, professional design, and compliance with privacy regulations, supporting a trustworthy business image.

Zartbitter e.V. operates an online webshop focused on educational and preventive materials related to child protection, sexual abuse prevention, and child rights. The website offers a variety of products including books, brochures, posters, and multimedia targeted primarily at parents, educators, and professionals working with children and youth. The business model is a niche non-profit e-commerce platform serving the German-speaking market (Germany, Austria, Switzerland). Technically, the website is built on WordPress with WooCommerce and uses several plugins for product display, discount rules, and GDPR compliance. The site is mobile-optimized and uses HTTPS, but lacks some advanced security headers. Performance is moderate with a good user experience and clear navigation. From a security perspective, the site enforces HTTPS and has a cookie consent mechanism compliant with GDPR. No critical vulnerabilities or exposed sensitive data were detected in the HTML content. However, security headers like Content-Security-Policy and HSTS are not evident and should be implemented. There is no published security policy or incident response contact information. Overall, the website is safe, professional, and trustworthy for its target audience. The lack of direct contact information and detailed WHOIS data slightly limits business credibility assessment. Strategic improvements in security headers and transparency around security policies would enhance trust and compliance.

Tribune Group GmbH is a Berlin-based investment, holding, and management company specializing in media, education, and lifestyle projects globally. The company operates multiple subsidiaries and partner platforms primarily focused on dental and pharmaceutical continuing education, as well as lifestyle media. Their market position is supported by recognized certifications such as ADA CERP and ACPE accreditation, indicating a strong foothold in professional education sectors. Technically, the website employs modern frontend technologies including Bootstrap 4.3.1, jQuery, and Owl Carousel, providing a responsive and user-friendly experience. However, the site lacks some advanced security headers and explicit privacy and cookie policies, which are critical for compliance and trust. The domain registration is consistent with the business claims, showing a well-established presence since 2009. Security posture is moderate; while HTTPS is implied, no security headers or DNSSEC are enabled, and no incident response or vulnerability disclosure information is provided. The absence of privacy and cookie policies reduces privacy compliance scores. Overall, the website is professional and trustworthy but would benefit from enhanced security and compliance measures. Strategic recommendations include implementing comprehensive privacy and cookie policies, enabling security headers and DNSSEC, establishing incident response contacts, and improving accessibility and SEO features to strengthen digital maturity and trustworthiness.

S

Středisko volného času RADOVÁNEK

radovanek.cz

44

Středisko volného času RADOVÁNEK is a well-established non-profit educational and leisure center based in Plzeň, Czech Republic, with a history dating back to 2005 and organizational roots spanning 75 years. The organization offers a broad range of educational clubs, camps, cultural events, and projects targeting children, youth, and adults in the Plzeň region. The website reflects a professional and consistent brand presence, showcasing partnerships, awards, and a comprehensive offering of services. Technically, the site is built on Joomla CMS with modern frameworks like Gantry 5 and uses common libraries such as jQuery and Bootstrap, ensuring good mobile optimization and accessibility. Security posture is solid with HTTPS enforced, use of Google reCAPTCHA, and a detailed cookie consent mechanism, although some security headers could be improved. Privacy compliance is well addressed with a comprehensive GDPR policy and cookie management. Overall, the site is trustworthy, user-friendly, and well-positioned in its regional educational sector.

S

SCHWING Stetter

schwing.de

49

SCHWING Stetter is a well-established German manufacturer specializing in concrete machinery and equipment, including truck-mounted concrete pumps, mixers, stationary pumps, and mixing plants. The company serves the construction industry globally with a broad product portfolio and after-sales services. Their website reflects a professional and consistent brand presence, targeting construction professionals and equipment buyers. The site is built on TYPO3 CMS and employs modern web technologies with a focus on privacy, as evidenced by the use of Matomo analytics and a comprehensive cookie consent mechanism. Security posture is solid with HTTPS enforced and domain registration consistent with the business history. However, there is room for improvement in security headers and published security policies. Overall, the website is trustworthy, well-structured, and compliant with GDPR requirements.

W

Web Best Practice LTD

webbestpractice.co.uk

47

Web Best Practice LTD is a UK-based web development company with over 20 years of experience, specializing in web design, digital marketing, and branding services. The company targets businesses primarily in Manchester and across the UK, offering a full in-house team and a portfolio of over 1000 websites. The website is professionally designed, mobile optimized, and includes comprehensive customer reviews and contact options. Technically, the site uses modern web technologies and tracking tools such as Google Tag Manager, Facebook Pixel, and Mouseflow, with appropriate privacy and cookie consent mechanisms in place. Security posture is good with HTTPS and reCAPTCHA implemented, though explicit security headers are not detected and could be improved. WHOIS data is unavailable due to domain naming rules violation, which raises some legitimacy concerns, but the website content and business information appear consistent and trustworthy. Overall, the site demonstrates a mature digital presence with room for security enhancements.

D

DJK Landesverband NRW e.V.

vollwertsport.de

46

The website www.vollwertsport.de represents the DJK Landesverband NRW e.V., a small non-profit organization focused on promoting values in sports through seminars, events, and educational products. The site serves a niche audience interested in sports education and community engagement within the NRW region of Germany. The business model revolves around non-profit activities supplemented by an e-commerce shop offering value-based sports products. Technically, the site is built on a modern WordPress platform using WooCommerce and Avada theme, with SEO and cookie consent mechanisms properly implemented. Security posture is good with HTTPS and cookie consent, though some security headers and explicit policies could be enhanced. Overall, the site is professional, trustworthy, and compliant with GDPR requirements, with clear contact information and legal pages. No critical security or content safety issues were detected.

S

Sportvereinigung Deutsche Jugendkraft Spandau (DJK Spandau)

djk-spandau.de

47

Sportvereinigung Deutsche Jugendkraft Spandau (DJK Spandau) is a German non-profit sports club offering a variety of sports activities such as badminton, boule, gymnastics, Nordic walking, skate biathlon, sports shooting, table tennis, volleyball, and archery. The club targets local community members including children, adults, and people interested in inclusive sports programs. The website reflects a well-structured and accessible platform with clear navigation and content relevant to its audience. It maintains partnerships with reputable sports organizations, enhancing its community presence and trustworthiness. Technically, the website is built on Joomla CMS with modern web technologies including Bootstrap and jQuery. It is hosted on servers associated with kasserver.com and employs HTTPS with a cookie consent mechanism compliant with GDPR. Accessibility features such as screen reader support and contrast modes are implemented, indicating a commitment to inclusive design. Performance is moderate with good mobile optimization. From a security perspective, the site uses HTTPS and cookie consent banners but lacks visible security headers and dedicated security or incident response policies. No vulnerabilities or exposed sensitive data were detected in the provided content. The WHOIS data is minimal but consistent with a legitimate hosting setup. Overall, the security posture is adequate but could be improved with additional headers and documented policies. The overall risk assessment is low with recommendations to enhance security headers, add incident response contact information, and maintain regular updates to Joomla and plugins. The website is professional, trustworthy, and compliant with privacy regulations, serving its community effectively.

O

Oranto GmbH

study-platform.eu

49

Oranto GmbH operates the Study-Platform.eu website, offering a comprehensive software solution for clinical and non-clinical study management. Their platform integrates survey systems, content management, participant management (CRM), learning management (LMS), and statistical monitoring tools, emphasizing GDPR compliance and data protection. The company targets researchers and organizations requiring flexible, customizable study design and execution tools. The website reflects a niche market position with a decade of experience in customized study software development. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies and Matomo analytics configured to disable cookies, indicating a privacy-conscious approach. The site is mobile-optimized, accessible, and well-structured with good SEO practices. However, some improvements are needed in cookie consent mechanisms and publishing security policies. From a security perspective, the site uses HTTPS with good SSL configuration and avoids third-party API integrations, reducing attack surface. No critical vulnerabilities or exposed sensitive data were detected. The absence of explicit security headers and incident response information suggests room for enhancement in security posture. WHOIS data is unavailable due to EURid privacy policies, which is common but slightly reduces transparency. Overall, the website presents a professional, trustworthy front for a small technology company specializing in study software solutions. Strategic recommendations include implementing cookie consent, publishing terms and security policies, adding security headers, and providing vulnerability disclosure contacts to strengthen compliance and trust.

G

Greystyle.com

greystyle.com

44

Greystyle.com is a small German-based graphic and web design company established since 2002, specializing in clean programming solutions and elegant design. Their market position is niche-focused, serving clients primarily in the cultural and ecclesiastical sectors in Germany. The website showcases a comprehensive portfolio of projects, emphasizing CMS development, corporate design, and print media. Technically, the site uses XHTML, JavaScript libraries including jQuery and Highslide, and Matomo for analytics, but includes some outdated Flash content. Security posture is moderate with privacy policies in place and anonymized analytics, but lacks visible security headers and cookie consent mechanisms. WHOIS data is missing or unavailable, which raises concerns about domain registration legitimacy despite the professional presentation. Overall, the site is functional and trustworthy but would benefit from modern security and privacy enhancements.

D

Deutsche Atlantische Gesellschaft e.V.

ata-dag.de

38

The Deutsche Atlantische Gesellschaft e.V. is a German non-profit organization dedicated to informing and engaging the public on German and European security policy, NATO objectives, and transatlantic relations. The organization operates through events, seminars, lectures, podcasts, and publications, targeting individuals and entities interested in security and defense topics. Their market position is that of an established, reputable non-profit within the government and policy sector in Germany. Technically, the website is built on WordPress, utilizing common libraries such as jQuery, Bootstrap, and Font Awesome, with SEO optimization via Yoast. Hosting appears to be managed through kasserver.com. The site is moderately performant, mobile-optimized, and includes analytics via Matomo, reflecting a reasonable level of digital maturity. From a security perspective, the site enforces HTTPS and uses CAPTCHA on contact forms, alongside a cookie consent mechanism. However, it lacks explicit security headers, a published security policy, and vulnerability disclosure mechanisms. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is partial, with no explicit privacy policy or terms of service pages found. Overall, the website presents a professional and trustworthy front for the organization, with good content quality and business credibility. Security and privacy practices could be enhanced to meet higher compliance standards and improve user trust.

I

Institut der deutschen Wirtschaft

iwd.de

45

The website www.iwd.de serves as the information service of the Institut der deutschen Wirtschaft, providing up-to-date economic analyses, research results, and background information on current economic topics primarily focused on Germany and Europe. It targets professionals, policymakers, academics, and the general public interested in economic affairs. The business model revolves around disseminating economic knowledge through articles, dossiers, newsletters, and interactive graphics, positioning itself as a reputable and authoritative source in the German economic research landscape. Technically, the site is built on the TYPO3 CMS platform, leveraging modern web technologies including JavaScript, CSS, and integrates analytics tools such as Matomo and Google Tag Manager. It employs Usercentrics for GDPR-compliant consent management. The site is mobile-optimized, accessible, and SEO-friendly, with structured data enhancing search engine visibility. Hosting is managed via domaincontrol.com (GoDaddy), a common and reliable provider. From a security perspective, the website enforces HTTPS with a strong SSL configuration and uses consent management for cookies, reflecting good privacy practices. However, it lacks explicit security headers and published security policies or incident response contacts, which are areas for improvement. No vulnerabilities or exposed sensitive data were detected in the content. The site demonstrates a moderate to high security posture but could enhance transparency and technical security controls. Overall, www.iwd.de is a professional, trustworthy, and content-rich platform with strong compliance to privacy regulations and a solid technical foundation. Strategic recommendations include implementing security headers, publishing a security policy and incident response information, and adding a security.txt file to facilitate vulnerability disclosures. These steps would further strengthen the site's security posture and trustworthiness.

C

Cruise Gate Hamburg GmbH

cruisegate-hamburg.de

49

Cruise Gate Hamburg GmbH operates the cruise terminals in Hamburg, managing berth allocations and serving as the central contact for cruise operators. The company also markets Hamburg as a cruise destination internationally. The website is professionally designed, primarily in German, and targets cruise operators, passengers, and tourism stakeholders. Technically, the site uses modern JavaScript libraries such as jQuery and Video.js, with a CMS likely Kirby. It is mobile-optimized and SEO-friendly, though some accessibility features are basic. Security posture is good with HTTPS enforced, but lacks some security headers and explicit security policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Contact is mainly via forms, with no direct emails or phone numbers visible. Social media presence is strong, enhancing trust and engagement.

I

Industrie – Wasser – Umweltschutz e.V.

iwu-dueren.de

45

Industrie – Wasser – Umweltschutz e.V. (IWU) is a regional non-profit association serving industrial companies with a focus on environmental law and water management. The organization provides legal advice, administrative procedure support, environmental policy representation, and training for environmental officers. It collaborates closely with regional industry associations and municipalities, positioning itself as a key environmental service provider in its region. The website reflects a professional and consistent brand image with clear service offerings and partner affiliations. Technically, the site is built on WordPress with Visual Composer and uses standard web technologies, offering moderate performance and good mobile optimization. Security posture is adequate with HTTPS and cookie consent but lacks advanced security headers and incident response information. Overall, the site is trustworthy and compliant with GDPR, though improvements in security practices and transparency could enhance its posture.

H

Haus der Industrie

hausderindustrie.de

40

Haus der Industrie is a German-language website likely representing an industrial or business entity, though explicit business details are not present in the accessible content. The site uses WordPress with common plugins such as Bootstrap and Visual Composer, indicating a standard CMS-based infrastructure. The technical setup is moderate with basic mobile optimization and no advanced analytics or marketing tools detected. Security posture is basic, with HTTPS enabled but lacking security headers and visible security policies. No privacy or cookie policies were found, and no contact information is provided, limiting user trust and compliance. Overall, the site is accessible and functional but lacks comprehensive business and security information.

V

Vereinigte Industrieverbände von Düren, Jülich, Euskirchen und Umgebung e.V.

extraviv.de

38

The website extraviv.de serves as a members-only information portal for the Vereinigte Industrieverbände von Düren, Jülich, Euskirchen und Umgebung e.V., a regional industry association in Germany. It provides employers and association members with access to documents, newsletters, event information, and other resources relevant to their business operations and networking. The site is primarily in German and targets local employers within the manufacturing and non-profit sectors. Technically, the site uses a custom or unknown CMS with JavaScript libraries such as jQuery UI and Modernizr, hosted on servers associated with kasserver.com. The design is professional and consistent, though mobile optimization and accessibility are basic. Security posture is moderate with a login form secured by POST but lacks advanced security headers and cookie consent mechanisms. No WAF or blocking mechanisms were detected, and the domain registration data aligns well with the website's business purpose, indicating legitimacy. Overall, the site scores well on business credibility and content quality but could improve technical implementation and security practices.

Craftverk Digital's website is currently under construction, displaying only a placeholder message with no substantive content or business details. The site uses WordPress with the Impreza theme and WPBakery page builder, hosted likely by WebSupport based on nameservers. Basic security features such as HTTPS and DNSSEC are enabled, but no privacy, cookie, or terms of service policies are present, nor is there any contact information or forms. The domain WHOIS data is suspicious due to a future creation date, which undermines trust and legitimacy. Overall, the website is in an early stage of development with minimal digital maturity and poor content quality.

S

STORK Umweltdienste GmbH

stork-umwelt.de

46

STORK Umweltdienste GmbH is a medium-sized German company specializing in recycling, waste disposal, and raw material recovery with over 30 years of experience. The company operates from Magdeburg with a strong focus on environmental sustainability, supported by ISO 14001 certification. Their services include recycling, container services, mobile processing technology, and logistics leveraging trimodal transport connections. The website is professionally designed using TYPO3 CMS, providing clear navigation and multilingual support. Contact information and social media presence enhance business credibility. Security posture is good with HTTPS and cookie consent mechanisms, though no explicit security policy or incident response contacts are published. Overall, the website reflects a trustworthy and established business with a solid digital presence.

The website www.mein-t-raum.de is currently inaccessible beyond a Cloudflare security challenge page that requires human verification via Turnstile CAPTCHA. This indicates the presence of a Web Application Firewall (WAF) protecting the site from automated access or potential threats. Due to this blocking, no actual business content, contact information, or policies are accessible for analysis. The domain is hosted on the Jimdo platform as inferred from the nameservers, and Cloudflare provides security and performance services. The lack of visible content and business data limits the ability to assess the company's market position, services, or compliance posture. Security-wise, the use of Cloudflare WAF and CAPTCHA is a positive indicator, but the absence of security headers and policies reduces the overall security maturity score. Privacy compliance and business credibility cannot be evaluated due to missing information.

K

Katholische Studierende Jugend

ksjberlin.de

45

KSJ Berlin is a non-profit youth organization focused on engaging students and young people in Berlin through volunteer activities, school participation, and societal involvement. The organization operates as part of the Catholic youth umbrella (BDKJ) but is inclusive of all beliefs. Their website provides information about membership, events, and community platforms such as a Discord server. Technically, the site uses modern frontend technologies including Bootstrap, jQuery, and Google Fonts, and is hosted with domain control services. It is mobile optimized and includes SEO best practices. Security-wise, the site enforces HTTPS, uses Google Analytics with IP anonymization, and implements a cookie consent banner, but lacks advanced security headers and explicit security policies. Overall, the site is trustworthy and professionally maintained, suitable for its target audience of youth in Berlin.

okaJ is a small non-profit youth organization based in Berlin, Germany, focused on providing an open, catholic, and active community for young people. The organization supports youth groups within the church, offers networking opportunities, spiritual programs, and volunteer engagement. The website reflects a professional and consistent brand image targeting youth and youth groups in the Berlin area. Technically, the site is built on WordPress with common plugins and uses Google reCAPTCHA for form security. While the site is well designed and user-friendly, it lacks privacy and cookie policies, which are important for GDPR compliance. Security posture is moderate with HTTPS enabled but missing security headers and vulnerability disclosure mechanisms. Overall, the domain and website appear legitimate and trustworthy for their stated purpose.

J

Jugendverbände der Gemeinschaft Christlichen Lebens - Diözesanverband Berlin

j-gcl.berlin

42

J-GCL Berlin is a small non-profit youth organization focused on Christian community activities within the Berlin region. The website serves primarily as an informational portal presenting the organization's identity, social media presence, and contact email. The business model centers on community engagement and youth involvement in Christian life, positioning itself as a local entity without commercial operations. Technically, the website is built on a simple HTML5 and CSS stack with some JavaScript for UI enhancements, using the HTML5 UP design template and Font Awesome icons. The site is moderately optimized for mobile devices but lacks advanced SEO and accessibility features. Security posture is basic; while the domain is registered with a reputable German registrar and protected against unauthorized transfers, the site lacks DNSSEC, security headers, and visible HTTPS enforcement details. No privacy or cookie policies are present, indicating compliance gaps with GDPR and related regulations. Overall, the site is safe, with no adult or questionable content, but would benefit from enhanced security and compliance measures.

M

Markt Thüngen

markt-thuengen.de

44

Markt Thüngen is a small municipal government entity located in Unterfranken, Germany, serving approximately 1,450 residents. The website provides comprehensive information about the community, local history, energy infrastructure including solar parks, and municipal services. It positions itself as a modern community rooted in tradition, with a focus on sustainability and local business support. The site is built on a WordPress platform using Elementor and Yoast SEO, indicating a moderate level of digital maturity. The technical infrastructure is stable with good mobile optimization and SEO practices. Security posture is adequate with HTTPS enabled, but lacks some advanced security headers and cookie consent mechanisms, which are recommended for GDPR compliance. Overall, the website is professional, trustworthy, and serves its community well, though improvements in privacy compliance and security policies would enhance its risk profile.

A

Arte Bunkering OÜ

artebunkering.com

34

Arte Bunkering OÜ is a specialized marine fuel supply company founded in 2012, operating globally with offices in Europe, Asia, and the Americas. The company focuses on delivering marine fuel oil, gas oil, lube oil, and eco-friendly fuels such as LNG to over 3000 vessels annually across more than 650 ports. Their business model centers on providing personalized, efficient, and timely bunkering services with competitive pricing, targeting shipping companies and vessel operators worldwide. The website reflects a professional and consistent brand image with clear contact information and a global presence, supporting their market position as an experienced player in the marine energy sector. Technically, the website employs modern web standards including HTML5, CSS with LESS preprocessing, and JavaScript. It is hosted likely by Loginet, with responsive design elements and basic accessibility features. However, the site lacks advanced SEO optimization and does not appear to use a CMS or analytics tools based on the provided data. Performance is moderate, and mobile optimization is good. From a security perspective, the site uses HTTPS (implied by base href https URL), includes a CSRF token meta tag indicating some security awareness, but lacks DNSSEC and visible security headers. There is no privacy or cookie policy found, which is a compliance gap, especially under GDPR. Incident response and vulnerability disclosure information are absent. The WHOIS data is consistent and supports the legitimacy of the domain and business. Overall, the security posture is moderate but could be improved with better policy transparency and technical security controls. The overall risk assessment is moderate with no critical vulnerabilities or blocking detected. Strategic recommendations include implementing privacy and cookie policies, enabling DNSSEC, adding security headers, and publishing incident response and vulnerability disclosure information to enhance trust and compliance.

H

Heinrich Wegener & Sohn Bunkergesellschaft m.b.H.

wegener-bunker.de

43

Heinrich Wegener & Sohn Bunkergesellschaft m.b.H. is a specialized German company providing marine fuels and lubricants worldwide, with a strong reputation built over more than 50 years. The company emphasizes quality, sustainability, and certified standards such as ISO 9001 and IMPA membership. Their target audience includes maritime shipping companies and related stakeholders. The website is built on TYPO3 CMS with Bootstrap and jQuery, featuring a professional design and good mobile responsiveness. Matomo analytics is used with privacy-conscious settings disabling cookies. Security posture is solid with HTTPS and some privacy measures, but lacks advanced security headers and formal incident response disclosures. Contact information is comprehensive with multiple phone numbers but no public emails or contact forms. Overall, the site is trustworthy and business-focused with room for improvement in privacy and security transparency.

I

IBT Bunkering & Trading

ibtbunker.com

44

IBT Bunkering & Trading is a well-established global bunker trader based in Hamburg, Germany, with over 45 years of market presence. The company specializes in marine fuel supply, offering services such as spot trading, formula-based contracts, and price hedging to shipping companies worldwide. Their business model focuses on building long-term, reliable relationships with clients and suppliers, supported by a strong network and industry memberships. Technically, the website employs modern web technologies including Bootstrap and JavaScript, providing a good user experience with mobile optimization and clear navigation. However, the site lacks explicit privacy and cookie policies, which is a compliance gap. Security-wise, HTTPS is enabled and domain registration is stable, but the absence of security headers and incident response information suggests room for improvement. Overall, the website is professional and trustworthy, but enhancing privacy compliance and security practices would strengthen its posture.

H

Hamburg Port Authority

hamburg-port-authority.de

47

Hamburg Port Authority (HPA) is a large public entity managing the port infrastructure of Hamburg since 2005. It provides comprehensive services including infrastructure planning, port safety, traffic management, and real estate management. The website reflects a mature digital presence with a structured navigation system, multilingual support, and integration of modern web technologies such as TYPO3 CMS and video content. The organization maintains active social media channels and uses consent management and analytics tools to monitor user engagement. Security posture is strong with HTTPS and security headers in place, though privacy policy documentation and incident response contacts could be improved. Overall, the site is professional, trustworthy, and serves a broad audience including port users, residents, and business partners.