Security Directory

S

Skiclub Oberstdorf Veranstaltungs GmbH

skispringen-damen.de

53

The website www.skispringen-damen.de serves as the official platform for promoting the FIS Women's Ski Jumping World Cup events, specifically the Two Nights Tour held in Oberstdorf, Germany. The site targets sports fans and attendees interested in women's ski jumping competitions, providing event information, ticket sales, media resources, and sponsorship details. The business operates as a small event organizer with a clear focus on winter sports and regional partnerships. Technically, the website is built on the Tramino CMS platform and utilizes modern JavaScript libraries such as jQuery, Slick Carousel, and RequireJS. Hosting appears to leverage AWS S3 and tramino.net infrastructure, ensuring reliable content delivery. The site demonstrates good mobile optimization, SEO practices, and basic accessibility features, delivering a positive user experience. From a security perspective, the site enforces HTTPS and implements a comprehensive cookie consent mechanism aligned with GDPR requirements. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of explicit security policies, incident response contacts, or vulnerability disclosure mechanisms suggests room for improvement in formal security governance. Overall, the website presents a professional and trustworthy digital presence for the ski jumping event, with strong compliance and technical foundations. Strategic enhancements in security transparency and accessibility could further strengthen its posture.

The website www.nordic-oberstdorf.de serves as the official platform for the FIS Nordic Combined World Cup event held in Oberstdorf, Germany. It provides comprehensive information about the event, including news, results, media coverage, and service details for participants and fans. The site is positioned as a regional event organizer with strong ties to international sports federations and local partners. The business model focuses on event promotion, sponsorship management, and media dissemination targeting winter sports enthusiasts and stakeholders. Technically, the website is built on the Tramino CMS platform and employs modern JavaScript libraries such as jQuery, RequireJS, and Slick Carousel for dynamic content and user experience enhancements. It uses HTTPS with a valid SSL configuration and integrates Google Analytics with a consent-based mechanism, reflecting a mature digital infrastructure. Mobile optimization and SEO practices are well implemented, though accessibility features could be improved. From a security perspective, the site enforces HTTPS and provides a detailed cookie consent mechanism compliant with GDPR. However, it lacks explicit security headers and dedicated security or incident response policies. No vulnerabilities or exposed sensitive data were detected. The WHOIS data is limited but does not raise suspicion, supporting the site's legitimacy. Overall, the website is professional, trustworthy, and well-suited for its purpose. Strategic recommendations include enhancing security headers, publishing security policies, and improving accessibility to further strengthen its security posture and user inclusivity.

S

Skisport- und Veranstaltungs GmbH

tour-de-ski.info

56

The website tour-de-ski.info serves as the official digital presence for the Coop FIS Tour de Ski event held in Oberstdorf, Germany. It provides comprehensive information about the event schedule, results, media coverage, sponsors, and local organizers. The business behind the site is Skisport- und Veranstaltungs GmbH, a German company established in 2006, which aligns with the domain age and content. The site targets sports enthusiasts, media professionals, sponsors, and the local community interested in Nordic skiing competitions. Technically, the website is built on the Tramino CMS platform and utilizes modern JavaScript libraries such as jQuery, Slick Carousel, and RequireJS. It is hosted on infrastructure likely provided by Speedkom, with content delivered via CDN services. The site is mobile-optimized and includes SEO best practices, though accessibility features are basic. Performance is moderate, with room for improvement in security headers and accessibility. From a security perspective, the site enforces HTTPS and implements a detailed cookie consent mechanism compliant with GDPR. However, it lacks visible security headers and does not publish explicit security or incident response policies. No vulnerabilities or exposed sensitive data were detected in the content. The WHOIS data is consistent and transparent, supporting the legitimacy of the domain and business. Overall, the website is professional, trustworthy, and well-suited for its purpose. Strategic improvements in security headers, incident response transparency, and accessibility would enhance its posture. The site demonstrates good privacy compliance and business credibility, making it a reliable source for event information.

The Walserschanz website represents a cultural heritage project focused on revitalizing a historically significant site at the border of Allgäu and Kleinwalsertal. The project aims to create an interactive exhibition and gastronomy experience to engage visitors with the site's history and natural surroundings. The website is professionally designed with good content quality, clear navigation, and mobile optimization, targeting tourists and regional visitors interested in history and nature. Technically, the site uses modern JavaScript libraries and a CMS platform called Tramino, hosted partly on Amazon S3, delivering moderate performance with good privacy compliance through a comprehensive cookie consent mechanism. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though security headers and incident response information could be improved. The absence of WHOIS data for the domain is a notable concern, suggesting a need for verification of domain registration legitimacy. Overall, the site is trustworthy and professional but would benefit from enhanced transparency on security policies and domain registration details.

E

Elavon Financial Services DAC.

elavon.co.uk

72

Elavon Financial Services DAC operates a comprehensive payment solutions website targeting businesses ranging from small retailers to large enterprises. The company offers a broad suite of services including card machines, online payment gateways, transaction risk analysis, and currency solutions. As a subsidiary of U.S. Bancorp, Elavon maintains a strong market presence across 36 countries with over 2 million customers. The website reflects a mature digital infrastructure with professional design, clear navigation, and extensive content tailored to business clients. Technically, the site leverages Adobe Experience Manager CMS, modern JavaScript libraries, and Google Tag Manager for analytics, ensuring a responsive and accessible user experience. Security posture is robust with HTTPS enforcement and cookie consent mechanisms, though explicit security headers and incident response contacts are not prominently published. WHOIS data for the domain is unavailable due to UK domain naming rules, but the website content and branding strongly support legitimacy. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with privacy regulations.

E

Elavon Financial Services DAC.

elavon.pl

63

Elavon Polska is a branch of Elavon Financial Services DAC, a subsidiary of U.S. Bancorp, providing innovative payment solutions tailored for businesses in Poland and across Europe. The company offers a broad range of services including payment terminals, online payment gateways, contactless payments, and value-added financial services. With a strong market presence in 36 countries and over 2 million customers, Elavon positions itself as a reliable and comprehensive payment service provider for small to large enterprises. The website reflects a professional and consistent brand image, targeting business clients seeking secure and efficient payment processing solutions. Technically, the website is built on Adobe Experience Manager, leveraging modern web technologies and Google Tag Manager for analytics. The site is mobile-optimized, accessible, and SEO-friendly, providing a smooth user experience. Security measures such as HTTPS and cookie consent mechanisms are in place, although some security headers could be enhanced. No blocking or WAF challenges were detected, allowing full content accessibility. From a security and compliance perspective, the site demonstrates good practices with GDPR-compliant privacy and cookie policies, clear contact information, and no visible vulnerabilities or exposed sensitive data. The absence of WHOIS data is typical for .pl domains and does not detract from the site's legitimacy, supported by detailed legal disclosures and consistent branding. Overall, Elavon Polska's digital presence is robust, professional, and trustworthy, supporting its role as a major player in the payment services industry. Continued improvements in security headers and incident response transparency could further strengthen its security posture.

E

Elavon Financial Services DAC.

elavon.ie

74

Elavon Financial Services DAC operates as a prominent provider of card payment solutions and merchant services, targeting a broad spectrum of businesses from small local retailers to large corporate enterprises. The company is part of the U.S. Bancorp group, indicating strong financial backing and market presence. Their website emphasizes smart, sensible payment solutions tailored by expert teams, positioning Elavon as a trusted partner in the payments industry across Ireland and Europe. Technically, the website leverages modern technologies including Adobe Experience Manager CMS, VideoJS for media playback, and Google Tag Manager for analytics, reflecting a mature digital infrastructure. The site is well-optimized for mobile devices, accessible, and SEO-friendly, providing a professional user experience with clear navigation and comprehensive content. From a security perspective, the site enforces HTTPS, employs standard security headers, and integrates cookie consent mechanisms aligned with GDPR requirements. However, explicit security policies and incident response details are not publicly available, suggesting room for improvement in transparency. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website and business demonstrate a high level of professionalism, trustworthiness, and compliance with privacy standards. The lack of WHOIS data due to privacy protection is typical for financial services entities and does not detract from the legitimacy of the business. Strategic recommendations include publishing detailed security policies and vulnerability disclosure information to enhance trust further.

E

Elavon

elavon.de

68

Elavon Germany operates as a major payment solutions provider offering comprehensive card acceptance and payment processing services tailored for businesses of all sizes across multiple industries including retail, hospitality, and e-commerce. The company is part of U.S. Bank Europe DAC, reflecting a strong financial backing and market presence. Their website demonstrates a professional and consistent brand image with clear service offerings and customer engagement channels. Technically, the site is built on Adobe Experience Manager, leveraging modern web technologies and includes protections such as Google Invisible reCAPTCHA to secure user interactions. Privacy and cookie compliance are well implemented, reflecting adherence to GDPR requirements. Security posture is solid with HTTPS enforced and no obvious vulnerabilities detected, though additional security headers could enhance protection. Overall, the site is trustworthy, user-friendly, and well-positioned to serve its target market effectively.

Infraserv Höchst is a leading industrial site management and service provider specializing in the chemical and pharmaceutical sectors in Germany. The company operates the Industriepark Höchst and offers a broad portfolio of services including site management, energy supply, waste disposal, logistics, occupational safety, environmental protection, facility management, laboratory services, process technology, and education. Their market position is strong as a key infrastructure and service provider for chemical and pharma industries, supported by a large workforce and extensive client references. Technically, the website employs modern web technologies including Usercentrics for consent management, FriendlyCaptcha for bot protection, and Google Tag Manager for analytics. The site is well-structured, mobile-optimized, and provides comprehensive content with clear navigation. Privacy compliance is robust with GDPR-aligned policies and cookie consent mechanisms. Security posture is good with HTTPS enforced and consent management in place, though explicit security headers and a published security policy or incident response contacts are absent. No critical vulnerabilities were detected in the visible content. However, the WHOIS data for the domain is missing, which raises some concerns about domain registration transparency. Overall, the website presents a professional and trustworthy front for a large industrial services company, but the lack of WHOIS data and explicit security policies suggests areas for improvement in transparency and security communication.

G

GIG Karasek GmbH

gigkarasek.at

48

GIG Karasek GmbH is an Austrian-based industrial plant construction company specializing in thermal separation and environmental technologies. The company operates globally and offers a range of services including engineering, production, and technical center support. Their market position is that of a specialized medium-sized enterprise with a strong focus on innovation and quality. The website is built on the HubSpot CMS platform, leveraging modern web technologies and marketing tools, providing a professional and user-friendly experience. Security posture is solid with HTTPS and consent mechanisms in place, though some security headers and policies could be improved. The absence of WHOIS data reduces domain trustworthiness slightly, but the overall business credibility remains high based on website content and branding.

B

BFT GmbH

bft-pumps.com

38

BFT GmbH is an Austrian owner-managed company specializing in manufacturing and supplying high-pressure pumps and accessories for waterjet cutting technology. Positioned as the only independent global supplier in this niche, BFT offers innovative ready-to-use solutions and emphasizes quality, sustainability, and customer service. The website reflects a professional industrial business targeting companies requiring advanced waterjet cutting equipment. Technically, the site is built on WordPress with modern plugins and tracking technologies, providing a good user experience and mobile optimization. Security posture is solid with HTTPS and reCAPTCHA integration, though lacks some advanced security headers and explicit incident response information. Privacy compliance is partially addressed with a privacy policy but lacks cookie consent mechanisms. The domain WHOIS data is missing, which raises some legitimacy concerns, but the business references and content support authenticity. Overall, the site is trustworthy with room for security and compliance improvements.

S

Spessart Tourismus

spessart-tourismus.de

52

Spessart Tourismus operates as a regional tourism promotion entity focusing on the Spessart region in Germany, emphasizing outdoor activities such as hiking and mountain biking. The website serves as an informational and promotional platform targeting tourists interested in nature and cultural experiences. Technically, the site is built on TYPO3 CMS and integrates modern web technologies including Cookiebot for consent management, Facebook Pixel, and Google Tag Manager for analytics and marketing. The site demonstrates good mobile optimization and SEO practices but lacks visible security headers and explicit contact information, which slightly impacts its security posture and business credibility. Privacy compliance is well addressed through comprehensive cookie consent mechanisms and links to detailed privacy policies. Overall, the website is professional, trustworthy, and safe for general audiences.

H

HA Hessen Agentur GmbH

mint-in-hessen.de

62

The website www.mint-in-hessen.de is an official platform managed by HA Hessen Agentur GmbH, affiliated with the Hessian Ministry for Economy, Energy, Transport, Housing and Rural Development. It serves as a comprehensive informational hub for MINT (Mathematics, Informatics, Natural Sciences, Technology) educational and orientation activities in the Hessen region of Germany. The platform targets children, youth, educators, and MINT enthusiasts by providing regional and nationwide offers, event listings, and network information. It also allows providers to register and manage their MINT-related offers and events. Technically, the website employs a moderate technology stack including jQuery, Slick Carousel, FontAwesome, and Shoelace CSS, hosted on netcup servers. The site is mobile-optimized, accessible, and uses HTTPS, but lacks some advanced security headers and cookie consent mechanisms. No analytics or tracking scripts were detected, indicating a privacy-conscious approach. From a security perspective, the site shows good baseline practices such as HTTPS and no visible vulnerabilities or exposed sensitive data. However, it lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms. Privacy compliance is partially met with a privacy policy page but no visible cookie consent banner. Overall, the website is trustworthy, professionally maintained, and serves a clear public educational purpose. It scores well on business credibility and content quality but could improve in security posture and privacy compliance to enhance user trust and regulatory adherence.

Vesuvius is a well-established global leader in metal flow engineering, primarily serving the steel and foundry industries. The company offers a comprehensive range of engineering services and solutions aimed at improving operational efficiency for industrial customers worldwide. The website reflects a mature enterprise with a strong emphasis on investor relations, sustainability, and corporate governance. Technically, the site is built on Adobe Experience Manager with modern JavaScript libraries and tracking tools, providing a good user experience and mobile optimization. Security posture is solid with HTTPS and some security best practices, though there is room for improvement in explicit security headers and incident response transparency. Overall, the domain registration and WHOIS data align well with the company's identity, supporting high legitimacy and trustworthiness.

S

Samarco

samarco.com

64

Samarco is a Brazilian mining company specializing in the production of iron ore pellets with integrated operations in Minas Gerais and Espírito Santo. The company has an established market presence since its founding in 1977 and targets industrial and energy sectors. The website is professionally designed using WordPress with modern SEO and accessibility features, indicating a mature digital infrastructure. Security posture is generally good with HTTPS and standard marketing/tracking tools implemented, though there is room for improvement in security headers and privacy compliance. The absence of WHOIS registration data raises some concerns about domain legitimacy, but the website content and social media presence support the company's authenticity. Overall, the risk is moderate with recommendations to enhance transparency and security practices.

R

Reframax

reframax.com.br

45

Reframax is a Brazilian company specializing in refractory solutions and industrial services including thermal insulation, electromechanics, and industrial painting. With over 25 years of experience and a client base exceeding 500 customers domestically and internationally, it holds a strong market position in the manufacturing and industrial sectors. The website reflects a professional and well-established business with comprehensive service offerings and a clear focus on quality and compliance. Technically, the site is built on WordPress with modern frameworks and plugins ensuring good performance, mobile optimization, and SEO. Security posture is solid with HTTPS, reCAPTCHA on forms, and no exposed sensitive data, although explicit security policies and incident response contacts are absent. Overall, the site is trustworthy, compliant with privacy regulations, and provides clear contact channels.

S

Skiclub Oberstdorf Veranstaltungs GmbH

skifliegen-oberstdorf.com

58

The website www.skifliegen-oberstdorf.com represents the official online presence for the FIS Ski Flying World Championship 2026 held in Oberstdorf, Germany. Operated by Skiclub Oberstdorf Veranstaltungs GmbH, the site provides comprehensive event information, ticketing details, news updates, and media resources targeting ski flying enthusiasts and winter sports fans. The business operates in the hospitality and event organization sector with a focus on niche winter sports events, leveraging partnerships with regional and international sponsors. The website demonstrates a professional and consistent brand image with clear navigation and relevant content.

T

Tramino

tramino.de

57

Tramino is a small German technology company specializing in web-based software solutions for the tourism industry. Founded in 2008 and based in Oberstdorf, Germany, the company offers a broad portfolio of products including content management systems, reservation and hotel management software, digital signage, customer loyalty programs, and event booking systems. Their market position is that of a regional specialist with a strong focus on tourism-related digital services. The website is professionally designed, mobile-optimized, and provides clear contact information and GDPR-compliant privacy and cookie policies. Technically, the site uses modern JavaScript libraries and asynchronous loading to ensure good performance and user experience. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some HTTP security headers and explicit security policies are missing. Overall, the website and business present a trustworthy and professional image suitable for their target audience.

D

Deutsches Diabetes-Zentrum (DDZ)

ddz.de

46

The Deutsches Diabetes-Zentrum (DDZ) is a well-established interdisciplinary research institution affiliated with the Leibniz Association and Heinrich-Heine-University Düsseldorf, focusing on diabetes research that integrates molecular, clinical, and epidemiological approaches. The website serves as a comprehensive platform for disseminating research findings, clinical study participation, and public health information targeted at patients, researchers, and the general public. It maintains a strong market position as a reputable non-profit healthcare research center in Germany. Technically, the website is built on a modern WordPress CMS with a robust tech stack including Yoast SEO, WPBakery Page Builder, Matomo analytics, and Vue.js components. The site is hosted likely via GoDaddy infrastructure and demonstrates good mobile optimization and SEO practices, although some accessibility features could be improved. Performance is moderate with a professional design and clear navigation. From a security perspective, the site enforces HTTPS and uses privacy-conscious analytics with cookies disabled. However, it lacks visible security headers and a formal vulnerability disclosure or incident response policy. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is generally good with a comprehensive privacy policy, but the absence of a cookie consent mechanism is a minor gap. Overall, the DDZ website is a professional, trustworthy, and content-rich platform supporting its mission in diabetes research and public engagement. Strategic improvements in security headers, cookie consent, and incident response transparency would enhance its security posture and compliance further.

S

Sportstätten Oberstdorf

nordic-zentrum-oberstdorf.de

54

Nordic Zentrum Oberstdorf is a modern, well-established outdoor and winter sports center located in the Allgäu region of Germany. It serves a diverse audience including professional athletes, families, and outdoor enthusiasts by providing world-class training facilities, event hosting, and recreational activities such as Nordic skiing, laser biathlon, and hiking. The website reflects a professional and comprehensive digital presence with clear navigation, rich content, and a strong focus on user experience. Technically, the site leverages modern JavaScript libraries and a specialized CMS platform (Tramino), with good mobile optimization and performance. Security posture is solid with HTTPS and cookie consent mechanisms, though it lacks some advanced security headers and explicit security policies. Overall, the domain registration and WHOIS data align well with the business, indicating legitimacy and trustworthiness.

O

Oberstdorf Kleinwalsertal Bergbahnen

ok-bergbahnen.com

61

Oberstdorf Kleinwalsertal Bergbahnen operates a professional tourism and mountain transportation website offering cable car and ski lift services in the Oberstdorf and Kleinwalsertal regions. The site targets tourists, families, and outdoor enthusiasts, providing detailed information on activities, events, and membership benefits. Technically, the website uses a mature stack including jQuery, RequireJS, and various UI libraries, with good mobile optimization and accessibility features. Security posture is solid with HTTPS and consent management, though some security headers could be improved. The absence of WHOIS data is a notable concern but does not detract from the overall professionalism of the site. Privacy compliance is well addressed with cookie consent and GDPR indicators. Overall, the site is a reliable digital presence for a regional tourism business.

Eissportzentrum Oberstdorf is a regional ice sports facility located in Oberstdorf, Germany, serving ice skating enthusiasts, sports clubs, schools, and professional athletes. It operates as an ISU Center of Excellence offering ice skating, ice hockey, curling, figure skating training, and hosting various events and camps. The website reflects a well-maintained digital presence with clear navigation, good content quality, and consistent branding. Technically, it uses modern JavaScript libraries and a specialized CMS platform (Tramino), hosted on Speedkom nameservers, with good mobile optimization and SEO practices. Security posture is solid with HTTPS enforced and a comprehensive cookie consent mechanism, though explicit security policies and incident response information are not published. Overall, the site is trustworthy, professional, and compliant with GDPR requirements.

S

Skiclub Oberstdorf Veranstaltungs GmbH

orlen-arena.de

54

The ORLEN Arena Oberstdorf Allgäu website represents a well-established sports and event venue specializing in ski jumping and Nordic sports tourism. The company, Skiclub Oberstdorf Veranstaltungs GmbH, offers a variety of services including arena tours, guided visits, event hosting, gastronomy, and training facilities. The site targets winter sports enthusiasts, tourists, and event organizers, positioning itself as a recognized regional hub with international relevance in winter sports. The business model revolves around facility management, event hosting, and merchandising, supported by an online booking system and fan shop. Technically, the website is built on the Tramino CMS platform, utilizing modern JavaScript libraries such as jQuery, Fancybox, and Slick Carousel. It is hosted on managed IP infrastructure with good mobile optimization and SEO practices. The site employs HTTPS with a solid SSL configuration and includes a comprehensive cookie consent mechanism aligned with GDPR requirements. Google Analytics is used for visitor tracking with appropriate consent controls. From a security perspective, the website demonstrates good practices including secure session cookies and no visible exposure of sensitive data. However, it lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms. The absence of advanced security headers suggests room for improvement. Overall, the security posture is solid but could be enhanced with additional measures. The overall risk assessment is low, with no critical vulnerabilities or compliance gaps detected. Strategic recommendations include implementing additional security headers, publishing a security policy and incident response contacts, auditing third-party scripts regularly, enhancing accessibility, and considering a security.txt file for vulnerability reporting. These steps will strengthen trust and security culture while maintaining compliance and operational excellence.

S

Sportstätten Oberstdorf

skiflugschanze-oberstdorf.de

54

Skiflugschanze Oberstdorf operates one of Germany's largest ski flying hills, offering visitors unique experiences including guided tours, events, and virtual reality. The website reflects a medium-sized tourism business with a clear market position in the hospitality and sports sector. Technically, the site uses modern JavaScript libraries and a specialized CMS (Tramino), hosted with Amazon S3 for static assets, and integrates Google Tag Manager and Facebook Pixel for analytics and marketing. Security posture is solid with HTTPS and cookie consent mechanisms, though additional security headers and policies could enhance protection. Overall, the website is professional, accessible, and compliant with GDPR, providing clear contact information and social media presence.

T

Therme Oberstdorf

therme-oberstdorf.de

54

Therme Oberstdorf is a premium wellness and spa destination located in the Allgäu region of Germany, offering a comprehensive range of services including thermal baths, sauna experiences, wellness treatments, and culinary delights inspired by natural elements. The website reflects a well-established business with a clear focus on hospitality and tourism, targeting wellness seekers and active vacationers. The site is professionally designed with excellent content quality, clear navigation, and mobile optimization. Technically, it employs modern web technologies such as jQuery, RequireJS, and lazy loading, hosted partially on Amazon S3 for static assets. Security posture is good with HTTPS enforced and a robust cookie consent mechanism, though some security headers are not visibly implemented. Privacy compliance is strong with a detailed privacy policy and cookie consent management. Contact information is clearly provided, enhancing business credibility.

B

BNP Paribas Asset Management

bnpparibas-am.fr

69

BNP Paribas Asset Management is a leading global asset management firm operating under the BNP Paribas group, targeting professional and institutional investors primarily in France. The website reflects a mature digital presence with a focus on sustainable investment solutions, showcasing a strong market position and comprehensive service offerings. Technically, the site is built on WordPress with modern JavaScript libraries and integrates advanced analytics and consent management tools, indicating a high level of digital maturity. Security posture is robust with HTTPS enforcement and security headers, although explicit security policies and incident response details are not publicly disclosed. Overall, the site is professional, trustworthy, and compliant with privacy regulations, but the absence of WHOIS data and direct contact details slightly reduces transparency.

The website 'cercle-actionnaires.bnpparibas' is a dedicated portal for BNP Paribas shareholders, offering exclusive invitations and advantages aligned with the group's commitments in culture and events. It serves a niche audience of shareholders holding at least 200 BNP Paribas shares, providing a membership model that enhances shareholder engagement through curated events and communications. The site is well-branded, consistent with BNP Paribas corporate identity, and professionally maintained. Technically, the site leverages modern web technologies including React, Matomo analytics, and Google Tag Manager, ensuring a responsive and accessible user experience. The hosting and DNS configurations are consistent with BNP Paribas infrastructure, though DNSSEC is not enabled. Performance and SEO optimizations are good, with mobile optimization and accessibility features implemented. From a security perspective, the site enforces HTTPS and domain registration protections, but lacks visible security headers and published security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with clear privacy and cookie policies and GDPR adherence. Contact information is limited to email and contact forms, with no phone numbers or physical addresses explicitly listed. Overall, the site is trustworthy, secure, and professionally operated, with a high legitimacy score based on WHOIS data and content consistency. Strategic improvements include enabling DNSSEC, adding security headers, and publishing security and incident response policies to enhance transparency and security posture.

M

Main-Kinzig-Kreis

mkk.de

64

The Main-Kinzig-Kreis website serves as the official digital presence of the regional government authority in Germany, providing comprehensive public services, news, and information to residents, businesses, and visitors. The site offers a broad range of services including citizen support, administrative information, career opportunities, and public announcements, positioning itself as a key regional government resource. Technically, the website employs a modern tech stack with Bootstrap, jQuery, and accessibility tools like ReadSpeaker, alongside privacy-conscious analytics via self-hosted Matomo and consent management through Usercentrics. Security posture is adequate with HTTPS and consent mechanisms in place, though improvements are recommended in security headers and incident response transparency. Overall, the site demonstrates good content quality, professional design, and strong business credibility consistent with a government entity.

W

Work in Simcoe County – Local Job Board – Explore Jobs In Simcoe County, Barrie and Orillia

workinsimcoecounty.ca

60

Work in Simcoe County is a local job board website dedicated to providing employment opportunities within the Simcoe County region, including Barrie and Orillia. The platform targets local job seekers and employers, offering a niche service focused on regional employment. The website is built on WordPress and leverages common web technologies such as jQuery, Google Analytics, Google Tag Manager, and reCAPTCHA v3 to enhance user experience and security. The technical infrastructure is typical for small to medium-sized local business websites, with moderate performance and good mobile optimization. Security posture is basic with HTTPS enabled and bot protection via reCAPTCHA; however, the absence of DNSSEC and security headers indicates room for improvement. Privacy compliance is weak due to the lack of privacy and cookie policies, which could expose the business to regulatory risks. Overall, the website appears legitimate and functional but would benefit from enhanced security and privacy practices.

BNP Paribas is a leading European banking group with a strong international presence, offering a wide range of financial services including retail banking, corporate banking, asset management, and investor relations. The website serves as a comprehensive investor relations portal providing financial results, regulatory disclosures, shareholder communications, and governance information targeted at individual shareholders, analysts, and institutional investors. The site is professionally designed with consistent branding and high-quality content, reflecting the bank's market position and commitment to transparency. Technically, the website uses modern JavaScript frameworks and analytics tools like Matomo, ensuring good mobile optimization and user experience. Security posture is solid with HTTPS enforced and domain protections in place, though improvements such as enabling DNSSEC and publishing security policies could enhance trust further. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. Overall, the website is trustworthy, professional, and aligns well with BNP Paribas's corporate identity and business objectives.

C

Corellium

corellium.com

79

Corellium is a technology company specializing in virtual hardware solutions for iOS, Android, and Arm devices. Their platform accelerates security testing, research, and DevSecOps processes for security teams, mobile pentesters, software developers, enterprises, and government agencies. The company offers a range of products and solutions including mobile app pentesting, vulnerability research, malware analysis, IoT DevOps, automotive systems virtualization, and security training. Their MATRIX automation tool further enhances security testing and reporting capabilities. The website is professionally designed, mobile-optimized, and provides comprehensive content relevant to their target audience. The technical infrastructure leverages HubSpot CMS, Google Tag Manager, Intercom, and other modern web technologies, ensuring good performance and SEO optimization. Security posture is strong with HTTPS, security headers, and privacy compliance mechanisms in place, though explicit incident response and vulnerability disclosure information are not publicly available. Overall, Corellium presents a credible and trustworthy digital presence with a focus on advanced security and development tools for virtual hardware.

A

APE.com

ape.com

47

APE.com is an ecommerce platform specializing in the sale of SMT rework systems, accessories, and related manufacturing tools. The company targets manufacturing professionals and electronics repair technicians, offering a niche range of products such as rework stations, soldering tips, and flux solutions. The website is built on the osCommerce 4.0 platform, featuring a professional design, clear navigation, and mobile optimization. Contact information including a sales email and phone number is prominently displayed, supporting customer engagement. However, the absence of WHOIS registration data raises questions about domain legitimacy, though the website content and business presence suggest a legitimate operation. Security measures include HTTPS enforcement and CSRF protection on forms, but lack of security headers and privacy policies indicate areas for improvement. Overall, the site demonstrates moderate technical maturity and business credibility but would benefit from enhanced privacy compliance and security hardening.

T

TU9-Allianz

tu9.de

47

TU9-Allianz is a prestigious alliance of leading technical universities in Germany, including RWTH Aachen, TU Berlin, TU Braunschweig, TU Darmstadt, TU Dresden, Leibniz Universität Hannover, KIT, TU München, and Universität Stuttgart. The alliance focuses on cutting-edge research, innovation, and education in engineering and natural sciences, fostering international collaboration and promoting the German engineering brand globally. The website serves as an information hub for academic partners, students, and industry collaborators, showcasing current projects, policy positions, and alliance activities. Technically, the website employs modern web standards with responsive design, uses JavaScript libraries such as jQuery and Slick Carousel, and integrates Matomo for analytics, reflecting a moderate to advanced digital maturity. Hosting and DNS infrastructure appear to be managed by university or academic networks, ensuring reliability and institutional trust. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks visible security headers and explicit incident response or vulnerability disclosure policies, which are recommended for enhanced security posture. Privacy compliance is partially addressed with a privacy policy present, but no cookie consent mechanism was detected, which may be a compliance gap under GDPR. Overall, the website is professional, trustworthy, and well-aligned with its academic mission. Strategic improvements in privacy compliance and security transparency would further strengthen its risk profile and user trust.

G

GIG Karasek GmbH

gigkarasek.com

48

GIG Karasek GmbH is an Austrian-based industrial plant construction company specializing in thermal separation and environmental technologies. The company operates globally and offers a range of services including engineering, production, and technical center support. Their market position is that of a specialized B2B supplier with a strong focus on innovation and quality. The website reflects a mature digital presence using HubSpot CMS and integrates modern marketing and analytics tools. Security posture is good with HTTPS and secure form handling, though some security headers could be improved. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. The domain WHOIS data is missing, which is unusual and slightly impacts trust, but the overall business credibility remains high due to professional content and clear contact information.

S

Soley

soley.io

71

Soley is a German-based technology company specializing in transforming complex product data into actionable business value through their Product Mining platform. They serve manufacturing enterprises aiming to optimize product portfolios, improve profitability, and enhance resilience. The company is recognized as an innovative SAP partner, having won the SAP Innovation Award 2024. Technically, the website is built on HubSpot CMS with modern libraries and includes cookie consent and analytics integrations, reflecting a mature digital presence. Security posture is good with HTTPS and consent mechanisms, though some security headers could be improved. WHOIS data is incomplete, which slightly reduces trust but does not outweigh the professional presentation and business credibility. Overall, Soley presents a strong, trustworthy B2B SaaS offering with a focus on manufacturing sector digital transformation.

W

Welt der Wunder Sendebetrieb GmbH

weltderwunder.de

48

Welt der Wunder Sendebetrieb GmbH operates a German-language media website focused on delivering educational and scientific content to a broad audience. The platform offers news, stories, and live TV streaming centered on research and knowledge dissemination. It holds a solid market position as a reputable media brand in Germany, leveraging multiple social media channels and a professional web presence. Technically, the website is built on WordPress 6.8.2 with modern plugins such as Yoast SEO and Elementor, hosted on AWS infrastructure. It employs standard web technologies including jQuery, Bootstrap, and Google Analytics for performance and user engagement tracking. The site demonstrates good mobile optimization and SEO practices, although accessibility features are basic. From a security perspective, the site enforces HTTPS and uses consent management tools compliant with GDPR. However, it lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms. No critical vulnerabilities or exposed sensitive data were detected, but security headers could be improved to enhance protection. Overall, the website is trustworthy, professionally maintained, and compliant with privacy regulations. It is suitable for general audiences with safe content. Strategic improvements in security transparency and accessibility would further strengthen its posture.

BNP Paribas is a major European and international banking group with a diversified business model covering corporate, institutional, commercial, personal banking, and investment services. The website reflects a mature digital presence with comprehensive content on governance, sustainability, innovation, and career opportunities. The technical infrastructure uses modern analytics and consent management tools, with good mobile optimization and SEO practices. Security posture is strong with HTTPS, domain locking, and cookie consent, though DNSSEC is not enabled and explicit security policies are not publicly detailed. Overall, the site is professional, trustworthy, and well-aligned with the company's business identity.

H

Herzenssache e.V.

herzenssache.de

57

Herzenssache e.V. is a well-established non-profit organization dedicated to supporting children and youth in the German regions of Baden-Württemberg, Rheinland-Pfalz, and Saarland. The website reflects a strong partnership with regional media (SWR) and financial institutions (Sparda-Bank), positioning it as a trusted charity with a clear mission to fund and promote social projects. The content is professionally presented, with excellent design, navigation, and relevant information for donors and participants. Technically, the site uses modern web technologies and integrates analytics and media players effectively, though it lacks an explicit cookie consent mechanism which is a minor GDPR compliance gap. Security posture is strong with HTTPS and no visible vulnerabilities, but could be improved by adding explicit security headers and incident response contacts. Overall, the site is trustworthy, user-friendly, and serves its charitable purpose well.

B

BNP Paribas Asset Management

bnpparibas-am.de

71

BNP Paribas Asset Management is a leading global asset management firm with a strong focus on sustainable investment solutions. The German institutional investor website presents a professional and well-structured platform targeting institutional clients in Germany. The site highlights BNP Paribas AM's commitment to sustainability and offers a range of asset management services. Technically, the website is built on WordPress, leveraging modern JavaScript libraries and Adobe's digital marketing tools, ensuring good performance, SEO, and mobile responsiveness. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms, although explicit security policies and incident response information are not publicly detailed. Overall, the website reflects a mature digital presence consistent with a large financial institution, though the lack of WHOIS data limits full domain trust verification.

R

Red.es

red.es

69

Red.es is a Spanish government entity under the Ministry of Economic Affairs and Digital Transformation, dedicated to promoting digital transformation across businesses, citizens, and public administrations. The website serves as a comprehensive portal for initiatives, news, and resources related to digital innovation and funding programs in Spain. The site is well-structured, professionally designed, and targets a broad audience including SMEs, entrepreneurs, and public sector entities. Technically, the website is built on Drupal 10 with modern front-end frameworks like Bootstrap 4.6 and utilizes Google Tag Manager for analytics. It demonstrates good mobile optimization, accessibility, and SEO practices. Security measures include HTTPS enforcement, cookie consent management, and antibot protections on forms. However, some security headers could be improved. The security posture is strong with multiple certifications such as ISO 27001 and compliance with the Spanish National Security Scheme (ENS). No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is robust with clear GDPR-aligned policies and cookie management. Overall, the website reflects a mature digital presence consistent with a government agency, with high trustworthiness and professionalism. The domain WHOIS data is restricted as per .es domain policies, which is typical and appropriate for this entity.

А

Агенција за безбједност саобраћаја Републике Српске

bslzrs.org

44

The website bslzrs.org represents the Agency for Traffic Safety of Republika Srpska, Bosnia and Herzegovina. It primarily serves as an informational platform for the XIV International Conference on Traffic Safety in Local Communities, providing detailed content about traffic safety statistics, conference agenda, speakers, thematic areas, and organizational committees. The agency operates as a governmental and non-profit entity focused on improving traffic safety through research, awareness, and collaboration with regional and international partners. The website targets professionals, researchers, and government officials involved in traffic safety and local community development. Technically, the website employs a modern frontend stack including Bootstrap 4, jQuery, Slick Carousel, and Google Maps API integration. It is hosted on Bitlab Hosting and demonstrates moderate performance with good mobile optimization. However, accessibility and SEO optimizations are basic, and no CMS or advanced platforms are detected. The site lacks analytics and tracking scripts, indicating minimal user tracking. From a security perspective, the site uses HTTPS with a valid SSL certificate but lacks DNSSEC and security headers such as Content-Security-Policy or X-Frame-Options. No privacy or cookie policies are present, which is a compliance gap. The WHOIS data shows privacy protection and a recent domain registration date, which is somewhat inconsistent with the historical content but not necessarily suspicious. No WAF or blocking mechanisms are detected, and the site is fully accessible. Overall, the website is professional and trustworthy with good content quality and business credibility. However, it requires improvements in privacy compliance, security headers, and transparency to enhance its security posture and regulatory adherence.

D

Deutscher Hochschulverband

hochschulverband.de

60

The Deutscher Hochschulverband (DHV) is a well-established professional association representing scientists and academics in Germany. The website serves as a comprehensive portal offering legal advice, coaching, seminars, and career support tailored to the academic community. It maintains a strong market position as a key stakeholder in German higher education and research sectors, with a large membership base and diverse service offerings. The site is professionally designed, well-branded, and targets academic professionals effectively. Technically, the website is built on the TYPO3 CMS platform, leveraging privacy-conscious analytics via Matomo and hosted on reputable infrastructure (NetCologne). The site demonstrates good performance, mobile optimization, and accessibility standards. It employs modern web technologies and maintains clear navigation and SEO best practices. From a security perspective, the site enforces HTTPS, uses cookie consent mechanisms, and disables cookies in analytics by default, reflecting a strong privacy posture. However, it lacks explicit security policy documentation and incident response contacts, which could be improved. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website is trustworthy, compliant with GDPR, and professionally managed, making it a reliable resource for its target audience. Strategic improvements in security transparency and incident response readiness are recommended to further enhance trust and compliance.

А

Агенција за безбједност саобраћаја Републике Српске

absrs.org

48

The website absrs.org represents the Агенција за безбједност саобраћаја Републике Српске, a government agency dedicated to traffic safety in Republika Srpska, Bosnia and Herzegovina. The agency provides comprehensive information on traffic laws, safety campaigns, licensing procedures, and statistical data to support safer road usage. The site targets the general public, local communities, and government stakeholders, positioning itself as an authoritative source for traffic safety in the region. Technically, the website employs a moderate technology stack including Bootstrap for responsive design, jQuery, Slick Carousel, and Fancybox for UI elements, alongside Google Fonts and Google Analytics for tracking. Hosting is managed by BitLab, with domain registration dating back to 2012, indicating an established presence. The site is accessible, mobile-optimized, and features clear navigation, although some SEO and accessibility features are basic. From a security perspective, the site uses HTTPS URLs but lacks DNSSEC and explicit security headers, which are recommended for enhanced protection. No privacy or cookie policies are present, indicating compliance gaps with GDPR and related regulations. Google Analytics is implemented via an older ga.js script, and no cookie consent mechanism is detected. The WHOIS data is transparent and consistent with the agency's government status, supporting legitimacy. Overall, the website is functional and trustworthy as a government information portal but would benefit from improved security practices and privacy compliance to enhance user trust and regulatory adherence.

N

Nelnet, Inc.

nelnetinvestors.com

65

Nelnet, Inc. operates a comprehensive investor relations website providing detailed financial information, corporate governance documents, and shareholder communications. The company is positioned as a large, diversified entity primarily engaged in loan servicing, education technology, payment processing, and investments in communications and renewable energy sectors. The website targets investors, shareholders, and financial analysts with a professional and content-rich platform. Technically, the site leverages the Q4 Inc investor relations platform with modern JavaScript libraries and is optimized for accessibility and mobile use. Security posture is strong with HTTPS, anti-CSRF tokens, and cookie consent mechanisms, though some HTTP security headers are not explicitly detected. Privacy compliance is well addressed with clear policies and GDPR indicators. The absence of WHOIS data for the domain is a notable anomaly but does not detract significantly from the overall legitimacy given the professional content and official filings presented.

W

Wirtschaftsförderungsgesellschaft des Landkreises Schwäbisch Hall mbH

heimat-kaufen.de

67

Heimat-kaufen.de is a regional voucher system platform aimed at supporting local businesses, service providers, and gastronomy in the Landkreis Schwäbisch Hall, Germany. The website is operated by the Wirtschaftsförderungsgesellschaft des Landkreises Schwäbisch Hall mbH and collaborates with regional financial institutions such as Sparkasse Schwäbisch Hall Crailsheim and Volksbank Heilbronn Schwäbisch Hall eG. The platform offers various voucher products including employer vouchers, city vouchers, and opportunities for businesses and municipalities to participate, thereby fostering local economic retention and growth. Technically, the website employs modern JavaScript libraries such as jQuery and Slick Carousel, integrates Matomo for privacy-conscious analytics, and implements cookie consent mechanisms in compliance with GDPR. The site is mobile-optimized and features a clear navigation structure, although accessibility features are basic. Hosting details are consistent with the domain's regional focus, and the site uses HTTPS with good SSL configuration. From a security perspective, the site enforces HTTPS and cookie consent but lacks explicit security headers and published security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected in the HTML content. Privacy compliance is strong with a comprehensive privacy policy and cookie consent banner. However, the absence of terms of service and vulnerability disclosure policies is noted. Overall, the website presents a trustworthy and professional digital presence for a regional economic initiative. Strategic recommendations include enhancing security headers, publishing security and incident response policies, and adding terms of service to improve legal clarity and user trust.

W

Wildtierportal Baden-Württemberg

wildtierportal-bw.de

64

The Wildtierportal Baden-Württemberg is an official government-affiliated online platform providing comprehensive information on wildlife species, hunting regulations, and research activities within the Baden-Württemberg region of Germany. It serves both the general public interested in wildlife and registered hunters who can access an internal area for managing hunting grounds and reporting. The website is well-structured, professionally designed, and offers detailed content relevant to its audience. Technically, it employs modern web technologies including the Yii PHP framework, jQuery, Bootstrap, and slick carousel for UI components, hosted on Microsoft Azure DNS infrastructure. The site is mobile-optimized and includes a cookie consent mechanism compliant with GDPR standards. Security posture is solid with HTTPS enforced and no visible vulnerabilities, although some HTTP security headers could be improved. No direct contact emails or phone numbers are published; contact is facilitated via a web form. No security policy or incident response information is publicly available. The domain WHOIS data aligns with the official nature of the site, showing consistent registration and DNS setup. Overall, the platform demonstrates a mature digital presence suitable for a government information portal with good trust indicators and compliance.

F

ForstBW

forstbw.de

53

ForstBW is a large government-related organization responsible for the ecological, social, and sustainable management of the state forests in Baden-Württemberg, Germany. The website clearly targets residents, forest owners, environmentalists, and educators with a comprehensive range of services including forest management, wood sales, hunting and fishing permits, environmental protection projects, and educational programs. The organization holds recognized certifications such as Gemeinwohlbilanzierung and the Deutscher Nachhaltigkeitspreis, reinforcing its commitment to sustainability and compliance. Technically, the website is built on the TYPO3 CMS platform, leveraging modern JavaScript libraries and Matomo for privacy-conscious analytics. The site is well-optimized for mobile devices and accessibility, with good SEO practices and a professional design. Performance is moderate, with no critical technical issues detected. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers and a formal vulnerability disclosure policy. Privacy compliance is strong with a comprehensive privacy policy and GDPR adherence, but the absence of a cookie consent mechanism is a notable gap. Contact information is primarily via web forms, with no direct emails or phone numbers visible. Overall, ForstBW's website presents a trustworthy, professional, and secure digital presence appropriate for a public sector entity. Strategic improvements in cookie consent, security headers, and incident response transparency would further enhance its security posture and user trust.

Р

Републичка управа за геодетске и имовинско-правне послове

rgurs.org

58

The website rgurs.org represents the official portal of the Republika Srpska Republic Administration for Geodetic and Property-Legal Affairs, a government entity responsible for cadastral and property rights management in Republika Srpska, Bosnia and Herzegovina. The site provides access to various e-services including cadastral data, property registries, licensing, and public procurement information. It targets citizens, legal entities, and professionals involved in geodetic and property-related activities. The business model is that of a public service institution with a medium-sized operational scope and a history dating back to 2006. Technically, the website employs modern frontend technologies such as Bootstrap 4, jQuery, and Slick Carousel, ensuring a responsive and user-friendly interface. However, no CMS or advanced analytics tools are detected, indicating a custom or lightweight platform. Performance is moderate with good mobile optimization but basic accessibility and SEO features. From a security perspective, the site uses HTTPS and has domain transfer protections but lacks DNSSEC and visible security headers, which are recommended for enhanced security. There is no evidence of privacy or cookie policies, GDPR compliance statements, or incident response contacts, which are critical for regulatory compliance and user trust. No contact emails or phone numbers are explicitly provided, limiting direct communication channels. Overall, the website is a legitimate government portal with good content quality and business credibility but requires improvements in privacy compliance, security best practices, and transparency to enhance trust and regulatory adherence.

U

Ured za zekat

zekat.ba

58

The website zekat.ba serves as an informational and transactional platform for Zekat, an Islamic charitable practice, primarily targeting the Bosnian Muslim community. It provides current nisab values, educational content, a Zekat calculator, and facilitates online payments through a partner site. The site is operated by 'Ured za zekat', a non-profit religious organization. The website demonstrates a moderate level of digital maturity with modern JavaScript usage, integration of Google Analytics and Meta Pixel for tracking, and a cookie consent mechanism. However, it lacks explicit privacy and security policies, and no direct contact information is provided on the site. Security posture is generally good with HTTPS enforced and no visible vulnerabilities, but the absence of security headers and incident response information are notable gaps. Overall, the site is functional and trustworthy for its niche audience but would benefit from enhanced transparency and security documentation.