Security Directory

S

syndicom

syndicom.ch

0

syndicom is a prominent Swiss trade union representing employees in logistics, information and communication technology, and media sectors. The organization advocates for fair working conditions, social justice, and responsible technological progress. It offers services such as collective bargaining, legal advice, education, and campaigns to its members. The website reflects a mature digital presence with a professional design, clear navigation, and multilingual support, targeting employees and stakeholders in Switzerland. Technically, the site is built on WordPress with modern SEO and analytics tools integrated, ensuring good performance and mobile optimization. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though formal security policies and incident response contacts are not publicly disclosed. Overall, the domain registration aligns with the organization's identity, supporting legitimacy and trustworthiness.

M

Migros Verteilbetrieb AG

mvb.ch

0

Migros Verteilbetrieb AG is a leading logistics company within the Migros Group, specializing in storage, packaging, picking, and distribution of a wide range of products including food, textiles, and frozen goods. It operates multiple large distribution centers in Switzerland, serving hundreds of Migros stores and migrolino shops daily. The company is well-established with over 50 years of operational history, positioning itself as a key logistics partner in the Swiss retail sector. Technically, the website employs modern web technologies such as Bootstrap, jQuery, and OwlCarousel, and is built on the Umbraco CMS platform. The site is mobile-optimized, uses HTTPS, and includes cookie consent mechanisms compliant with GDPR. While the site lacks explicit security headers and detailed security policies, it demonstrates a solid baseline security posture with no evident vulnerabilities or exposed sensitive data. From a security perspective, the website benefits from HTTPS encryption and cookie consent but could improve by implementing additional HTTP security headers and publishing incident response or security policies. No WAF or blocking mechanisms were detected, and the domain registration data aligns well with the business identity, indicating high legitimacy. Overall, the website is professional, trustworthy, and well-suited for its business purpose. Strategic recommendations include enhancing security headers, improving accessibility, and publishing explicit security and incident response information to further strengthen trust and compliance.

AutoScout24.ch is a leading online automotive marketplace in Switzerland, offering vehicle listings for buyers and sellers. The platform is part of Scout24 AG, a reputable company in the digital classifieds sector. The website employs modern web technologies such as React and Next.js and is protected by Cloudflare's security services, including Turnstile captcha, indicating a strong focus on security and bot mitigation. However, the current content is inaccessible due to the Cloudflare WAF challenge, limiting the ability to fully assess the website's content, privacy policies, and user experience. WHOIS data confirms the domain's legitimacy and consistency with the business claims. Overall, the website appears to be a professional and established platform in the transportation sector, but the security challenge page restricts comprehensive analysis.

Auto Schmid AG operates as an authorized Mercedes-Benz dealership in Switzerland, providing a comprehensive range of automotive services including new and used vehicle sales, leasing, financing, and after-sales services. The company benefits from strong brand association with Mercedes-Benz Schweiz AG, leveraging official product information and service offerings. The website targets car buyers and Mercedes-Benz customers in the Swiss market, offering a professional and user-friendly digital experience. Technically, the website is built on a modern stack including Vue.js and Web Components, hosted on Mercedes-Benz's OneWeb platform with Adobe Experience Manager as the CMS. It demonstrates good performance, mobile optimization, and accessibility. The site employs advanced analytics and marketing tools such as Google Analytics 360, Datadog RUM, and Salesforce marketing suites, with appropriate cookie consent mechanisms. From a security perspective, the site enforces HTTPS, uses strong security headers, and avoids exposing sensitive data. However, it lacks explicit security policy and incident response information, which could be improved. Privacy compliance is robust, with comprehensive privacy and cookie policies aligned with GDPR and Swiss data protection laws. Contact information is transparent and complete, including a named data protection officer. Overall, the website presents a trustworthy, professional, and secure online presence for Auto Schmid AG, supporting its business objectives effectively. Strategic enhancements in security transparency and incident response readiness would further strengthen its posture.

B

Busbetrieb Aarau AG (BBA)

busaarau.ch

0

Busbetrieb Aarau AG (BBA) is a regional public transportation company operating bus services in Aarau, Switzerland. The company provides comprehensive transit services including bus lines, schedules, ticketing options, and customer support. Their website is designed to serve local commuters and visitors with real-time information and service updates. The business operates in the transportation sector with a medium-sized organizational footprint and a clear focus on regional mobility solutions. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and analytics tools such as Matomo and Google Tag Manager, indicating a moderate level of digital maturity. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the site enforces HTTPS and uses a secure CMS platform but lacks some advanced security headers and does not publish a formal security or incident response policy. Privacy compliance is partially addressed with a privacy policy and cookie information, though no explicit cookie consent mechanism is present. Overall, the website is professional, trustworthy, and well-aligned with the company's business objectives.

D

DB InfraGO AG

dbinfrago.com

0

DB InfraGO AG is a subsidiary of Deutsche Bahn focused on the future of railway infrastructure in Germany. The company aims to set new standards in efficient and climate-friendly railway infrastructure management. The website reflects a professional and comprehensive digital presence with strong branding consistent with Deutsche Bahn. The technical infrastructure uses CoreMedia CMS, Matomo analytics, and Usercentrics for cookie consent, indicating a mature digital setup with GDPR compliance. Security posture is strong with HTTPS and modern best practices, though explicit security headers and incident response information are not clearly published. The absence of WHOIS registration data for the domain www.dbinfrago.com is a notable concern, potentially indicating privacy protection or an unregistered domain, which slightly reduces trust from a domain registration perspective. Overall, the website is well-structured, accessible, and trustworthy in content and design, serving business and stakeholder audiences in the German transportation sector.

D

DB Bus Challenge

db-bus-challenge.de

0

The website 'DB Bus Challenge' is an interactive online game designed to engage users by simulating bus transportation challenges, likely related to Deutsche Bahn's bus services in Germany. The site targets a general audience interested in public transportation and casual gaming. The business model appears promotional, aiming to increase engagement and brand awareness rather than direct sales. The website is relatively small in scale with basic content and moderate branding consistency. Technically, the site uses a JavaScript-based frontend with RequireJS and jQuery, implementing device detection and responsive design for mobile optimization. Performance is moderate with basic SEO and accessibility features. No CMS or backend technologies are evident from the HTML content. Hosting details are limited but DNS servers indicate a standard hosting environment. From a security perspective, the site uses HTTPS but lacks visible security headers and formal privacy or cookie policies, which are critical for GDPR compliance given the European audience. No contact or incident response information is provided, limiting transparency and trust. No vulnerabilities or exposed sensitive data were detected in the static content. Overall security posture is average but could be improved with standard best practices. The overall risk is moderate with no critical issues detected. Strategic recommendations include adding privacy and cookie policies, improving security headers, providing clear contact and incident response information, and enhancing SEO and accessibility. These improvements would increase user trust, compliance, and security maturity.

D

DB Fernverkehr AG

der-kleine-ice.de

0

Der kleine ICE is a child-focused online platform operated by DB Fernverkehr AG, a subsidiary of Deutsche Bahn AG, providing educational and entertaining content such as games, stories, comics, and audio plays centered around train characters. The website serves as a brand engagement tool targeting children and families, enhancing Deutsche Bahn's market presence in the transportation sector through family-friendly digital content. Technically, the site is built on WordPress with modern web technologies including jQuery and CSS3, hosted via EuroDNS nameservers. The site demonstrates good mobile optimization, accessibility, and SEO practices, though performance is moderate. Security posture is solid with HTTPS enforced and no visible vulnerabilities, but lacks some security headers and explicit cookie consent mechanisms. Privacy compliance is strong with a comprehensive privacy policy and GDPR adherence, though cookie consent is missing. Overall, the site is professional, trustworthy, and safe for its target audience.

C

cyber-Wear Heidelberg GmbH

bahnshop.de

0

bahnshop.de is the official merchandise e-commerce platform for Deutsche Bahn, operated by cyber-Wear Heidelberg GmbH. The website offers a wide range of branded products including collectibles, travel accessories, family and kids items, and other merchandise targeted at Bahn fans, travelers, and families. It holds a strong market position as the official shop for Deutsche Bahn merchandise, leveraging the brand's reputation and customer base. The business model focuses on online retail with customer account management and a comprehensive product catalog. The site is well-branded, consistent, and professionally maintained with a medium-sized operational scale and a founding date around 2014. Technically, the website is built on the Shopware CMS platform, utilizing modern web technologies such as JavaScript, CSS3, and HTML5. It integrates Google Tag Manager and Google Analytics for marketing and analytics purposes, and PayPal Unified for payment processing. Hosting is managed via EuroDNS nameservers, indicating a stable and professional hosting environment. The site demonstrates good mobile optimization, accessibility, and SEO practices, with moderate performance. From a security perspective, the site enforces HTTPS, uses CSRF tokens on forms, and implements cookie consent mechanisms compliant with GDPR. Security headers are present but could be enhanced with additional policies like Content-Security-Policy. No vulnerabilities or exposed sensitive data were detected in the HTML content. However, the site lacks a published security.txt or explicit incident response contact information, which could improve transparency and security posture. Overall, bahnshop.de presents a low-risk profile with strong business credibility, good technical implementation, and solid privacy compliance. Strategic recommendations include publishing a security.txt file, enhancing security headers, and providing incident response contacts to further strengthen trust and security readiness.

H

HŽ Infrastruktura d.o.o.

hzinfra.hr

0

HŽ Infrastruktura d.o.o. is a Croatian state-owned enterprise responsible for organizing, regulating, maintaining, and constructing railway infrastructure, which is a public good. The website serves as an informational portal primarily targeting Croatian railway users and stakeholders. Technically, the site is built on WordPress using the Divi theme, incorporating standard web technologies such as jQuery and Google Fonts. The site demonstrates moderate performance and good mobile optimization but lacks advanced SEO and accessibility features. Security posture is moderate with HTTPS presumably enabled but lacking visible security headers and explicit security policies. Privacy compliance is limited, with no privacy or terms of service pages detected, though a cookie consent mechanism is present. Overall, the domain registration data aligns well with the business entity, supporting legitimacy. Strategic improvements in privacy transparency, security headers, and contact information visibility are recommended to enhance trust and compliance.

PostNord International is a leading logistics and postal service provider focused on delivering borderless e-commerce solutions globally. The company offers customizable logistics services that enable clients to expand their markets worldwide, targeting e-commerce businesses and retailers. The website reflects a mature digital presence with professional design, clear navigation, and multilingual support, indicating a global audience. The technical infrastructure leverages modern technologies including Episerver CMS, Azure hosting, and advanced analytics tools such as Google Analytics and Microsoft Application Insights, demonstrating a commitment to performance monitoring and user experience optimization. Security posture is strong with HTTPS enforcement, comprehensive security headers, and cookie consent mechanisms, although explicit security policies and incident response contacts are not publicly detailed. Overall, the website and business presence indicate a reputable and established enterprise with a focus on compliance and user privacy.

Gorivo.com operates as a regional ride-sharing platform primarily serving Croatia and neighboring countries. It facilitates peer-to-peer transportation by allowing users to offer and request rides, focusing on routes within Croatia and nearby European nations. The platform has been active since 2003, indicating a mature presence in its niche market. The website's business model centers on connecting drivers and passengers, providing a cost-effective and community-driven transportation alternative. Its market position is niche but stable, targeting individuals seeking carpooling options in the region. Technically, the website is built on ASP.NET WebForms with supporting libraries such as jQuery and Bootstrap, reflecting a legacy but functional technology stack. The site includes standard web fonts, UI components, and Google Adsense for monetization. Performance and mobile optimization are basic, with room for modernization. The site employs cookie consent mechanisms and basic privacy compliance features, though lacks advanced SEO and accessibility optimizations. From a security perspective, the site uses HTTPS and has domain transfer protections in place, but lacks advanced security headers and DNSSEC. No explicit security or incident response policies are published, which could be a gap in compliance and trust. Advertising practices involve multiple ad networks and tracking vendors, indicating moderate user tracking. The overall security posture is average, with recommendations to enhance headers, enable DNSSEC, and publish security policies. Overall, Gorivo.com presents a functional but basic digital presence with moderate trustworthiness and compliance. Strategic improvements in security, privacy transparency, and technical modernization would enhance its risk profile and user confidence.

H

Vozni red vlakova | Udaljenosti.com

hznet.hr

0

Udaljenosti.com is a Croatian travel information website specializing in train schedules and travel planning for Croatian Railways. It targets travelers and commuters in Croatia, providing distance calculations and schedule lookups. The site operates primarily on an advertising revenue model and has been active since at least 2012. Technically, it uses a mix of legacy and modern web technologies including Google Fonts, Leaflet maps, Google Maps API, and Google Analytics. The site implements a cookie consent mechanism and integrates multiple advertising and tracking services. Security posture is moderate but could be improved by updating outdated libraries and adding security headers. WHOIS data is unavailable, which raises some concerns about domain legitimacy despite the active and functional website. Overall, the site is functional and provides relevant content but should address security and legitimacy concerns for improved trust.

H

Hrvatski Telekom d.d.

akz.hr

0

The website www.akz.hr serves as the official online platform for the Zagreb Bus Station, providing extensive bus ticketing services across Croatia and neighboring countries. It offers users the ability to search for bus schedules, purchase tickets online up to 15 minutes before departure, and access real-time status updates for arrivals and departures. The platform supports mobile app integration, enhancing accessibility for travelers. The business is positioned as a key transportation service provider in the region, backed by Hrvatski Telekom d.d., a reputable Croatian telecommunications company. Technically, the website employs standard web technologies including HTML5, CSS3, and JavaScript, with integrations of Google Tag Manager and Google Analytics for marketing and analytics purposes. Hosting is managed by Hrvatski Telekom with Cloudflare DNS services, ensuring reliable domain resolution. The site demonstrates moderate performance and good mobile optimization, though accessibility features are basic. SEO practices are adequately implemented with proper meta tags and Open Graph data. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers such as Content Security Policy and HSTS, which are recommended for enhanced protection. Privacy compliance is limited due to the absence of a visible privacy policy and terms of service, representing a compliance gap especially under GDPR. No incident response or vulnerability disclosure information is provided. Overall, the website is trustworthy and professionally maintained, with a strong business credibility score. Strategic improvements in privacy policy publication, security header implementation, and comprehensive compliance documentation would elevate its security posture and user trust.

J

Jadrolinija

jadrolinija.hr

0

Jadrolinija is Croatia's largest passenger shipping company, providing ferry and catamaran transport services connecting numerous local and international destinations. The company operates a comprehensive online platform offering schedule information, ticket purchasing, and prepaid travel card services, targeting both local residents and tourists. The website reflects a mature digital presence with consistent branding and a focus on user convenience. Technically, the website employs modern web technologies including jQuery, Plyr video player, and Swiper sliders, alongside Google Fonts and accessibility tools. It is hosted under a Croatian academic network registrar, indicating a stable and regionally appropriate hosting environment. The site is mobile-optimized and accessible, with good SEO practices and performance. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms compliant with GDPR. However, it lacks explicit published security policies, incident response plans, and vulnerability disclosure information. The use of third-party tracking pixels from Google, Meta, and TikTok indicates moderate user tracking, balanced by privacy controls. Overall, Jadrolinija's website is professional, trustworthy, and well-aligned with its business objectives. Strategic improvements in security transparency and incident readiness would enhance its security posture and user trust further.

T

Tschudi Logistics Holding AS

tschudilogistics.com

0

Tschudi Logistics Holding AS is a well-established Norwegian logistics company with over 140 years of experience, specializing in multimodal transport solutions including project logistics, ocean, road, rail, air, and short sea shipping. The company emphasizes Nordic quality combined with global reach, serving businesses requiring tailored logistics services. Their website reflects a professional and consistent brand image with clear service offerings and a portfolio showcasing past projects. Technically, the site is built on Webflow with modern analytics and marketing tools, optimized for performance and mobile use. Security posture is good with HTTPS and no visible vulnerabilities, though security headers and incident response contacts are lacking. Privacy compliance is basic with policies present but no active cookie consent mechanism. The absence of WHOIS registration data is a notable concern, potentially impacting trustworthiness. Overall, the website is professional and credible but would benefit from improved transparency and enhanced security disclosures.

H

Hrvatski autoklub

revijahak.hr

0

Revija HAK is an online magazine operated by Hrvatski autoklub, focusing on automotive news, traffic safety, and vehicle maintenance primarily for the Croatian market. The website serves as a content hub for drivers and HAK members, offering news articles, educational tests, and links to official HAK services including membership and webshop. The site is well-branded and professionally designed, targeting Croatian drivers and automotive enthusiasts with relevant and timely content. Technically, the website is built on WordPress with common plugins such as Yoast SEO for search optimization, Advanced Ads for advertising management, and Eightshift GDPR for cookie consent compliance. It uses Cloudflare DNS and is hosted via the Croatian registrar cyber_Folks d.o.o. The site is mobile-optimized and features a clear navigation structure with categorized content sections. Performance is moderate with standard modern web technologies. From a security perspective, the site enforces HTTPS and implements GDPR cookie consent with a detailed modal allowing users to select cookie preferences. However, explicit security headers are not detected, and there is no published security policy or incident response information. No vulnerabilities or exposed sensitive data were found in the HTML content. The WHOIS data is consistent with the business entity and geographic location, supporting legitimacy. Overall, the website presents a low-risk profile with good business credibility and technical implementation. Recommendations include publishing privacy and security policies, adding security headers, and establishing a vulnerability disclosure process to enhance trust and compliance.

K

Kiwi.com

skypicker.com

0

Kiwi.com is a prominent online travel agency specializing in providing cheap flights, hotels, and car rental services globally. The platform offers a user-friendly interface with advanced search capabilities including flexible dates and map-based destination exploration. It is trusted by millions and provides additional services such as disruption protection and 24/7 customer support. The website demonstrates a mature digital presence with consistent branding and comprehensive content tailored for travelers seeking affordable travel options. Technically, Kiwi.com employs modern web technologies including React and Tailwind CSS, supported by Google Tag Manager and Forter for analytics and fraud prevention respectively. The site is optimized for performance and mobile responsiveness, ensuring a seamless user experience across devices. Security best practices are observed with HTTPS enforcement and presence of key security headers, although explicit incident response and vulnerability disclosure information are not publicly available. From a security and compliance perspective, Kiwi.com maintains a comprehensive privacy policy and cookie consent mechanism aligned with GDPR requirements. However, the WHOIS data for the domain is not publicly available, which slightly impacts trust but is common for commercial entities using privacy protection services. Overall, the site presents a strong security posture with room for improvement in transparency around incident response and vulnerability management. The overall risk assessment is moderate to low, with recommendations focusing on enhancing security transparency and providing clear contact channels for security incidents. Kiwi.com’s strategic position as a leading travel booking platform is supported by its technical infrastructure and user-centric design, making it a reliable choice for consumers worldwide.

W

Wheels of Arabia

wheelsofarabia.ae

0

Wheels of Arabia is an automotive service provider operating in the United Arab Emirates, likely offering vehicle sales, rentals, and related automotive solutions. The website is built on the Wix platform, leveraging standard Wix technologies and Google analytics and marketing tools. The technical infrastructure is moderate with good mobile optimization and basic SEO and accessibility features. Security posture is adequate with HTTPS and some JavaScript hardening, but lacks advanced security headers and published security policies. Privacy compliance is weak due to absence of privacy and cookie policies and consent mechanisms. Business credibility is moderate but would benefit from clearer contact information and trust signals. Overall, the website is functional and safe but requires improvements in privacy compliance and security transparency.

S

Soudal Quick-Step Pro Cycling Team

soudal-quickstepteam.com

0

Soudal Quick-Step Pro Cycling Team operates as a professional cycling team with a strong digital presence showcasing team members, news, multimedia content, and merchandise sales. The website targets cycling enthusiasts and fans, providing comprehensive media and partner information. The technical infrastructure leverages modern JavaScript libraries and tracking tools, ensuring a responsive and engaging user experience. Security posture is solid with HTTPS and cookie consent mechanisms, though explicit security policies and incident response details are absent. The WHOIS data anomaly presents a minor legitimacy concern but is mitigated by the professional site and active social media presence. Overall, the site is well-positioned in its niche with room for security and transparency improvements.

N

Nomads.com

airlinelist.com

0

Airline List is an informational platform launched in 2013 that provides comprehensive rankings and data on airlines, airplanes, and airports worldwide, focusing on service quality, safety, and lost luggage statistics. The site targets travelers and aviation enthusiasts seeking detailed and comparative airline information. It integrates affiliate marketing through Travelpayouts and uses flight data APIs from Skypicker to offer flight search capabilities with advanced filtering options. The platform is hosted with Cloudflare and employs HTTPS for secure connections. Technically, it uses jQuery and lightweight analytics services, with a custom-built front-end optimized for mobile devices. However, the site lacks formal privacy, cookie, and terms of service policies, and does not provide direct contact or incident response information, which are areas for improvement. Security posture is moderate with HTTPS enabled but missing DNSSEC and security headers. Overall, the website is professional, content-rich, and safe for general audiences but could enhance compliance and security transparency.

B

BOX NOW

boxnow.hr

0

BOX NOW is a Croatian company specializing in automated parcel locker services, providing a sustainable and convenient delivery network across Croatia. Their platform supports consumers, e-commerce businesses, physical stores, and courier partners with 24/7 access to parcel lockers powered by solar energy. The website reflects a modern digital infrastructure with integration of mapping, tracking, and mobile app promotion. Security posture is solid with HTTPS, reCAPTCHA, and cookie consent mechanisms, though explicit security policies and incident response contacts are absent. Overall, the business appears legitimate, well-positioned in the Croatian logistics market, and technically competent.

M

M&T ehf.

mogt.is

0

M&T ehf. is a specialized Icelandic company founded in 1999, focusing on the design, installation, and maintenance of automated weather stations and related meteorological equipment. Their primary clients include government agencies and infrastructure operators such as the Icelandic Road and Coastal Administration and Landsnet. The website reflects a niche B2B service provider with a small company size and a clear focus on weather-related technology solutions within Iceland. The site is built on Joomla! CMS with MooTools JavaScript framework and includes Google Analytics for visitor tracking. However, it lacks modern privacy and security policy disclosures, and no cookie consent mechanism is present. The technical infrastructure is basic but functional, with moderate performance and limited mobile optimization.

M

M & G Classic Chrome & Cars, s.r.o.

classicchrome.eu

0

M & G Classic Chrome & Cars, s.r.o. is a small Slovak company specializing in high-quality chrome plating and vintage car restoration services. The company targets vintage car owners and restorers, offering specialized surface treatments and repairs. Their market position is solid within Slovakia and extends to some international clients, emphasizing quality and professionalism. The website reflects this focus with clear service descriptions, customer testimonials, and contact information. Technically, the site uses modern web technologies including Bootstrap, jQuery, and Google Tag Manager, with good mobile optimization and SEO practices. Security posture is adequate with HTTPS enforced and a comprehensive cookie consent mechanism, though it lacks advanced security headers and published security policies. Overall, the site is professional, trustworthy, and compliant with basic privacy regulations, though it could improve transparency by adding privacy and terms of service pages. The domain registration is consistent with the business, registered through a reputable Slovak registrar without privacy protection, supporting legitimacy.

Κ

ΚΕΡΚΥΡΑΙΚΗ ΝΑΥΑΓΟΣΩΣΤΙΚΗ MON.IKE

rent4allcorfu.com

0

Rent4All Corfu is a small transportation and hospitality business specializing in car and scooter rentals on the Greek island of Corfu. The company emphasizes transparency, customer service, and convenience, offering airport pick-up and island-wide delivery. Their website is well-structured, mobile-optimized, and integrates modern web technologies including Livewire and service workers, supporting a progressive web app experience. The site includes comprehensive privacy and cookie policies aligned with GDPR requirements, and actively uses analytics and advertising tools such as Google Analytics and Facebook Pixel with user consent mechanisms. Security posture is generally strong with HTTPS and CSRF protections, though explicit security headers are missing. The absence of WHOIS registration data is a notable concern but does not align with the professional and trustworthy appearance of the site and business. Overall, the website presents a credible and user-friendly platform for vehicle rentals in Corfu.

L

LIPEX PLUS spol. s.r.o.

citroencl.cz

0

LIPEX PLUS spol. s.r.o. operates the website citroencl.cz as a specialized Citroën dealership and service center located in Česká Lípa, Czech Republic. The company offers automotive sales, servicing, emission testing, and financing services primarily targeting Citroën vehicle owners in the local region. The website presents a professional and consistent brand image with clear contact details and social media presence, supporting its local market position. Technically, the website uses a traditional tech stack including jQuery, Bootstrap, and Google Analytics, with a responsive but basic mobile optimization. The site is moderately performant with clear navigation and SEO basics in place. However, there is no evidence of advanced CMS or modern frameworks, and accessibility features are minimal. From a security perspective, the site lacks visible security headers and does not provide privacy or cookie policies, indicating gaps in GDPR compliance and security best practices. No incident response or vulnerability disclosure information is present. The domain registration data is consistent and supports the legitimacy of the business. No WAF or blocking mechanisms were detected, and the site content is safe for general audiences. Overall, the website is functional and credible for its business purpose but would benefit from enhanced security measures, privacy compliance improvements, and modern technical upgrades to strengthen trust and regulatory adherence.

L

LIPEX PLUS spol. s r.o.

hondacl.cz

0

Honda Česká Lípa, operated by LIPEX PLUS spol. s r.o., is a small-sized authorized dealer and service provider specializing in Honda vehicles and garden machinery in the Czech Republic. The company offers a comprehensive range of automotive services including sales of new and used cars, authorized repairs, tire services, emission testing, and garden equipment sales. The website reflects a professional and consistent brand image with clear contact information and customer testimonials, positioning the company as a trusted local business with over 20 years of experience. Technically, the website employs modern frontend technologies such as Bootstrap, jQuery, and Google Analytics, ensuring a responsive and user-friendly experience. However, the absence of detected security headers and privacy policies indicates room for improvement in security and compliance. The site is accessible without any WAF or blocking mechanisms, but the lack of WHOIS data reduces domain trustworthiness and raises questions about domain registration transparency. From a security perspective, the site shows no immediate vulnerabilities or exposed sensitive data, but the missing privacy and cookie policies and lack of incident response information highlight compliance gaps, particularly with GDPR. The use of Google Analytics suggests moderate user tracking, but without clear privacy disclosures. Overall, the security posture is moderate but could be enhanced with standard best practices. Strategically, the company should prioritize establishing clear privacy and cookie policies, implement security headers, and verify domain registration details to improve trust and compliance. Enhancing incident response readiness and communicating data protection officer contacts would further strengthen their security culture and customer confidence.

F

F1 Experiences

f1experiences.com

0

F1 Experiences operates as the official provider of Formula 1 race tickets, hospitality, and travel packages worldwide. The company holds a strong market position as the exclusive source for premium F1 experiences, targeting motorsport enthusiasts and corporate clients seeking high-end event access. Their website reflects a mature digital presence with multi-language support, comprehensive event calendars, and clear navigation, supporting a global audience. Technically, the site leverages modern JavaScript libraries, integrates secure payment gateways like Stripe, and uses reputable analytics and marketing tools, hosted on AWS with CDN support for performance and scalability. Security posture is robust with HTTPS enforcement, security headers, and domain registration protections, though DNSSEC is not enabled and no explicit security policy or incident response contacts are published. Privacy compliance is addressed with cookie consent mechanisms and a basic privacy policy, indicating GDPR awareness. Overall, the site is professional, trustworthy, and well-optimized for user experience and business operations.

K

KANAL M.P.S. s.r.o.

kanal-mps.sk

0

KANAL M.P.S. s.r.o. is a Slovak company specializing in sewer and drainage system services including electromechanical cleaning, high-pressure cleaning, and TV monitoring of sewer pipes. Established in 2003, it holds a stable market position with a medium-sized operation focused on servicing Slovak businesses and institutions. The website reflects a professional business model with clear service offerings and a consistent brand presence. Technically, the site uses modern JavaScript libraries such as jQuery, Lodash, Swiper.js, and Fancybox, hosted likely on Websupport infrastructure with DNSSEC enabled, ensuring domain security. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security posture is adequate with HTTPS and DNSSEC but lacks advanced security headers and explicit incident response or vulnerability disclosure policies. Privacy compliance is partial, with a cookie consent mechanism but no dedicated privacy policy or terms of service pages. Overall, the site is trustworthy and safe, with no adult or questionable content detected.

F

Formula 1®

formula1.com

0

Formula 1's official website serves as the primary digital platform for global fans and stakeholders of the Formula 1 racing series. It offers comprehensive content including news, race schedules, results, driver and team profiles, video highlights, and ticketing services. The site also supports subscription-based streaming via F1 TV, enhancing fan engagement with live and on-demand content. The platform is well-positioned as the authoritative source for Formula 1 information and entertainment, leveraging strong branding and partnerships with official entities such as the FIA. Technically, the website employs a modern technology stack including React with Next.js for server-side rendering, Brightcove for video delivery, and Cloudinary for media management. It integrates various analytics and monitoring tools such as Google Analytics and New Relic, and implements a consent management platform to comply with privacy regulations. The site is optimized for performance, mobile responsiveness, and accessibility, providing a seamless user experience across devices. From a security perspective, the website enforces HTTPS, utilizes robust security headers, and manages user consent effectively. However, there is no publicly available security policy or incident response contact information, and no vulnerability disclosure program is evident. The WHOIS data for the domain is unavailable, likely due to privacy or registry restrictions, but the website's official nature and consistent branding mitigate concerns about legitimacy. Overall, the website demonstrates a high level of professionalism, security, and compliance suitable for a major international sports brand. Strategic recommendations include publishing explicit security policies, establishing a vulnerability disclosure channel, and enhancing transparency around incident response to further strengthen trust and security posture.

F

fireTMS.com Sp. z o.o.

firetms.com

0

fireTMS.com Sp. z o.o. operates a mature and well-established transport management system platform targeting carriers and forwarders globally, with a strong presence in Poland and Europe. The company offers a comprehensive SaaS solution integrating transport planning, order management, invoicing, GPS tracking, and mobile applications, supported by a freight exchange service (fireXgo). The business is part of the Eurowag Group, enhancing its market credibility and reach. Technically, the website is built on modern frameworks like Next.js and React, optimized for performance and mobile responsiveness, and integrates multiple marketing and analytics tools. Security posture is solid with HTTPS, reCAPTCHA, and cookie consent mechanisms, though explicit security policies and vulnerability disclosure mechanisms are absent. Overall, the website and business demonstrate high professionalism, trustworthiness, and compliance with GDPR, making fireTMS a credible and competitive player in the transport software industry.

W

W.A.G. payment solutions, a.s.

cvs-mobile.com

0

W.A.G. payment solutions, a.s., operating under the Eurowag brand, is a leading European provider of integrated mobility and payment solutions focused on the transportation sector. The company offers a comprehensive suite of services including fleet management telematics, fuel cards, toll payment solutions, tax refund services, and eMobility options. Their recent integration of CVS Mobile enhances their fleet management capabilities with advanced real-time tracking and route planning, positioning them strongly in the European transport market. The website reflects a mature digital presence with multi-language support and country-specific offerings, targeting fleet operators and logistics managers across Europe. Technically, the website is built on the Webflow platform, leveraging modern web technologies such as Google Tag Manager for analytics and tracking, and intl-tel-input for phone input handling. The site is well-optimized for mobile devices, accessible, and fast-loading, demonstrating a high level of digital maturity. The presence of comprehensive legal, privacy, and cookie policies indicates a strong commitment to compliance and user privacy. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, though explicit security headers are not detected in the provided data. No vulnerabilities or exposed sensitive data were found in the content. The absence of WHOIS data limits domain registration trust analysis, but the website's professional presentation, regulatory disclosures, and trust signals support a strong security posture. Overall, the website presents a low-risk profile with robust business credibility and technical implementation. Strategic recommendations include enhancing security headers, publishing an incident response page, and adding a vulnerability disclosure policy to further strengthen security transparency and resilience.

W

W.A.G. payment solutions, a.s.

gbox.pl

0

W.A.G. payment solutions, a.s. operates as a leading European provider of integrated mobility and payment solutions, primarily serving the transportation and fleet management sectors. Their website promotes the GBox telematics platform, offering real-time vehicle tracking, driver monitoring, and data analytics to optimize fleet operations and reduce costs. The company targets transport companies, fleet managers, and logistics operators with a comprehensive suite of telematics and payment services, supported by multiple digital portals and mobile applications. Technically, the website is built on the Webflow CMS platform, leveraging modern JavaScript libraries such as jQuery and intl-tel-input, and integrates Google Tag Manager and LiveChat for analytics and customer support. The site is well-optimized for mobile devices, accessibility, and SEO, with a fast loading performance and structured navigation. Privacy and cookie policies are clearly presented with consent mechanisms, reflecting good compliance with GDPR requirements. From a security perspective, the site enforces HTTPS, uses CAPTCHA on forms, and avoids exposing sensitive data. However, explicit security headers like CSP and HSTS are not detected, and no public vulnerability disclosure or incident response contacts are provided. The WHOIS data is unavailable publicly, which slightly reduces transparency but is common for corporate domains. Overall, the security posture is solid but could be enhanced with additional headers and disclosure practices. The overall risk assessment indicates a trustworthy and professional online presence with moderate to high credibility. Strategic recommendations include improving security header implementation, publishing a security.txt file, and enhancing incident response transparency to further strengthen trust and compliance.

W

W.A.G. payment solutions, a.s.

ocrk.pl

0

W.A.G. payment solutions, a.s. operates a professional website focused on providing integrated mobility and payment solutions for the European transport sector. The site highlights expert services in driver work time management, compliance, and financial settlements, targeting transport companies and fleet managers. The company positions itself as a leading provider with a broad portfolio including fuel cards, toll services, telematics, and financial services. The website is well-structured, multilingual, and rich in content, reflecting a mature digital presence. Technically, the site leverages modern web technologies including Webflow CMS, JavaScript libraries like jQuery and intl-tel-input, and integrates Google Tag Manager and LiveChat for analytics and customer support. The site is mobile-optimized and accessible, with cookie consent mechanisms and GDPR-compliant privacy policies. Security measures include HTTPS and CAPTCHA on forms, though explicit security headers and incident response information are not evident. The security posture is solid but could be improved by adding security headers and publishing vulnerability disclosure information. The absence of WHOIS data reduces trust slightly but the professional presentation and consistent business information mitigate concerns. Overall, the site demonstrates a strong business and technical foundation with room for enhanced security transparency. Strategic recommendations include implementing security headers, publishing a security.txt file, providing incident response contacts, and improving WHOIS transparency to enhance trust and compliance.

W

W.A.G. payment solutions, a.s.

webeye.eu

0

W.A.G. payment solutions, a.s., operating under the brand Eurowag, is a leading provider of integrated mobility and payment solutions tailored for the European transportation sector. The company offers a comprehensive suite of services including fleet management, toll payment solutions, fuel cards, tax refunds, and financial services, targeting commercial fleet operators and logistics companies. Their market position is strong, supported by a large-scale operation and a broad geographic presence across multiple European countries. Technically, the website is built on modern web technologies including Webflow CMS, jQuery, and Google Tag Manager, hosted on a performant CDN infrastructure. The site is well-optimized for mobile devices, accessibility, and SEO, reflecting a mature digital presence. The integration of multiple login portals and partner platforms indicates a complex and well-managed technical ecosystem. From a security perspective, the website enforces HTTPS and implements cookie consent mechanisms, demonstrating compliance with privacy regulations such as GDPR. However, explicit security headers are not visibly configured, and there is no public incident response or vulnerability disclosure policy, which are areas for improvement. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website presents a professional and trustworthy front for a large enterprise in the transportation and payment services industry. The lack of WHOIS data reduces transparency but does not detract significantly from the site's legitimacy. Strategic recommendations include enhancing security headers, publishing incident response contacts, and formalizing vulnerability disclosure policies to strengthen trust and compliance.

N

Nahverkehrsservice Sachsen-Anhalt GmbH

insa.de

0

Nahverkehrsservice Sachsen-Anhalt GmbH operates the INSA platform, a regional public transportation service providing comprehensive timetable information and ticketing solutions for Sachsen-Anhalt and the Mitteldeutschen Verkehrsverbund (MDV). The website serves as a digital hub for users seeking mobility information, ticket purchases, and related services such as the INSA app and RufBus ordering. Positioned as a key regional mobility facilitator, INSA leverages modern web technologies and complies with GDPR regulations to ensure user privacy and data protection. Technically, the website is built on TYPO3 CMS, integrating JavaScript libraries such as ReadSpeaker for accessibility and Cookiebot for consent management. The infrastructure is hosted with professional DNS providers and employs HTTPS with good SSL configuration, ensuring secure communications. The site demonstrates good mobile optimization, accessibility, and SEO practices, providing a user-friendly experience. From a security perspective, the site enforces HTTPS, uses cookie consent mechanisms, and avoids exposing sensitive data. However, it lacks explicit published security policies or incident response contacts, which could be improved to enhance trust and readiness. Analytics usage is moderate with Piwik (Matomo), respecting privacy with clear retention policies. Overall, the website is trustworthy, professionally maintained, and compliant with privacy laws. Strategic recommendations include publishing a security.txt file, incident response contacts, and expanding security policy disclosures to strengthen the security posture and user trust.

Pon.Bike is a global group of bicycle brands offering a wide range of bicycles across various market segments, from off-road downhill racing bikes to urban luggage carriers. The website positions itself as a leading player in the bicycle industry with a professional and modern digital presence. The business model focuses on multi-brand management and distribution, targeting consumers and businesses interested in bicycles worldwide. The site content is well-structured, with clear branding and consistent messaging.

Zweckverband Verkehrsverbund Oberlausitz-Niederschlesien (ZVON) operates a regional public transportation portal serving the Oberlausitz and Niederschlesien regions in Germany. The website provides comprehensive information on public transit schedules, ticketing, network maps, and current service updates, targeting local commuters and travelers. The business model centers on facilitating access to public transport services and enhancing user experience through digital tools such as real-time departure monitors and fare calculators. The organization holds a solid regional market position as a trusted mobility service provider.

N

Nahverkehrsservice Sachsen-Anhalt GmbH

nasa.de

0

Nahverkehrsservice Sachsen-Anhalt GmbH (NASA GmbH) is a regional public transportation authority responsible for planning, ordering, and financing local rail passenger transport in the German state of Sachsen-Anhalt. The company also operates the INSA timetable information system, serving public transport users and stakeholders in the region. The website reflects a professional and consistent brand presence, targeting primarily German-speaking users interested in regional mobility services. The business model focuses on public sector transportation planning and service provision, positioning NASA GmbH as an essential regional player in transportation infrastructure and information services. Technically, the website is built on the TYPO3 CMS platform, integrating modern web technologies such as jQuery, ReadSpeaker for accessibility, and Cookiebot for GDPR-compliant cookie management. Hosting is managed via DomainControl nameservers, and the site demonstrates good mobile optimization, accessibility, and SEO practices. Analytics are conducted using Piwik (Matomo), indicating a privacy-conscious approach to user data collection. From a security perspective, the site enforces HTTPS and implements a comprehensive cookie consent mechanism. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not evident, and no public security policy or incident response contacts are published. No vulnerabilities or exposed sensitive data were detected in the analyzed content. The domain registration appears legitimate and consistent with the business's regional focus. Overall, the website presents a low-risk profile with strong privacy compliance and good technical implementation. Strategic improvements could include publishing a formal security policy, adding security headers, and establishing a vulnerability disclosure process to enhance trust and security posture further.

F

Fahrgastforum Sachsen-Anhalt

fahrgastforum.de

0

Fahrgastforum Sachsen-Anhalt operates a regional public transport passenger forum website focused on collecting and sharing ideas, questions, and feedback about regional trains, S-Bahn, and PlusBus services in Sachsen-Anhalt, Germany. The site targets local passengers and community members interested in improving public transport services. It is positioned as a community engagement platform with a clear focus on regional transportation issues. The website uses TYPO3 CMS and Bootstrap for a responsive and accessible user experience, supported by Cookiebot for cookie consent management and Piwik (Matomo) for analytics. The technical infrastructure is modern and adequate for the site's purpose, hosted on domaincontrol.com nameservers.

N

Nahverkehrsservice Sachsen-Anhalt GmbH

mein-takt.de

0

Mein Takt Sachsen-Anhalt is the official regional mobility brand for the German state of Sachsen-Anhalt, operated by Nahverkehrsservice Sachsen-Anhalt GmbH. The website provides comprehensive information and services related to regional trains, S-Bahn, PlusBus lines, train stations, and travel information via the INSA Fahrplanauskunft system. The site targets public transport users within the region and serves as a key information portal for mobility services. Technically, the website is built on TYPO3 CMS, integrates modern JavaScript libraries, and uses Cookiebot for GDPR-compliant cookie consent. The presence of accessibility features and mobile optimization indicates a mature digital infrastructure. Security-wise, the site enforces HTTPS and uses cookie consent mechanisms but lacks explicit security headers and published security policies. Overall, the site is professional, trustworthy, and compliant with privacy regulations, though it could improve transparency around security and incident response.

N

Nahverkehrsservice Sachsen-Anhalt GmbH

starker-nahverkehr.de

0

Mein Takt Sachsen-Anhalt is a regional public transportation brand operated by Nahverkehrsservice Sachsen-Anhalt GmbH, focusing on providing mobility services including regional trains, S-Bahn, PlusBus lines, and travel information via the INSA system. The website serves residents and travelers in the German state of Sachsen-Anhalt, offering comprehensive travel planning tools and service information. The site is built on TYPO3 CMS and integrates third-party services such as Cookiebot for cookie consent and INSA for travel planning. The technical infrastructure is modern and well-implemented, with good mobile optimization and accessibility features. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and incident response policies are not publicly documented. Privacy compliance is strong, with a detailed privacy policy and GDPR-aligned cookie consent. Overall, the website is professional, trustworthy, and serves its target audience effectively.

D

Deutsche Bahn AG

deutschebahn.com

0

Deutsche Bahn AG operates as Germany's leading railway company, offering comprehensive passenger and freight transportation services, infrastructure management, and innovative mobility solutions. The website reflects a mature digital presence with a professional design, clear navigation, and extensive content covering corporate information, sustainability, digitalization, and business units. The company targets a broad audience including customers, investors, and partners, positioning itself as a key player in the European transportation sector. Technically, the site leverages modern technologies such as CoreMedia CMS, Matomo analytics, and Usercentrics for consent management, ensuring compliance with GDPR and providing a good user experience across devices. The security posture is strong with HTTPS enforcement and security headers, although explicit security policies and incident response contacts are not published. Overall, the website is trustworthy and professionally maintained, though the WHOIS data for the queried domain variant is missing, which warrants verification. The site does not exhibit any adult or questionable content and maintains good privacy compliance. Strategic recommendations include publishing detailed security policies, incident response information, and vulnerability disclosure mechanisms to enhance transparency and trust.

D

Deutsche Bahn AG

db-ersatzverkehr.de

0

The website 'Ersatzverkehr bei Generalsanierungen' is an official informational portal operated by Deutsche Bahn AG, focusing on replacement bus services during major rail infrastructure renovations in Germany. It serves travelers and freight customers by providing timely updates, travel alternatives, and detailed information about ongoing and upcoming construction projects. The site leverages a modern technical infrastructure including CoreMedia CMS, Usercentrics for cookie consent, and Matomo for privacy-conscious analytics. The design is professional, mobile-optimized, and accessible, reflecting Deutsche Bahn's strong brand identity and commitment to user experience. Security posture is solid with HTTPS enforced and no exposed sensitive data, though explicit security policies and incident response contacts are not published. Overall, the domain registration and website content are consistent and trustworthy, supporting a high legitimacy score.

V

VMV – Verkehrsgesellschaft Mecklenburg-Vorpommern mbH

vmv-mbh.de

0

VMV – Verkehrsgesellschaft Mecklenburg-Vorpommern mbH operates as a regional public transportation company in Mecklenburg-Vorpommern, Germany, providing services related to public transit schedules, ticketing, and regional transport network management. The website serves as an information portal for residents and travelers, offering schedule information, news updates, and contact options. The company positions itself as a key regional transportation authority with a focus on accessibility and customer engagement. Technically, the website is built on WordPress using modern plugins such as Elementor and Yoast SEO, ensuring good SEO and mobile responsiveness. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though security headers and explicit security policies could be improved. Privacy compliance is evident with a comprehensive privacy and cookie policy, aligned with GDPR requirements. Overall, the website is professional, trustworthy, and well-maintained, supporting the company's regional transportation mission.

V

Verkehrsverbund Bremen/Niedersachsen GmbH

fahrplaner.de

0

The FahrPlaner website serves as the official digital platform for public transportation information and ticketing in the German regions of Niedersachsen and Bremen. Operated by Verkehrsverbund Bremen/Niedersachsen GmbH, it offers real-time timetable data, mobile ticket purchasing, and comprehensive route planning through a well-integrated app and web interface. The site is positioned as a regional leader in transportation services, targeting commuters and travelers within these areas. Technically, the website is built on TYPO3 CMS with modern frontend frameworks like Bootstrap and Leaflet.js for mapping, ensuring a responsive and accessible user experience. Security-wise, the site enforces HTTPS and includes cookie consent mechanisms, though it lacks explicit security policies or vulnerability disclosures. Overall, the platform demonstrates a mature digital presence with good privacy compliance and trustworthy domain registration.

N

NETINERA

netinera-tickets.de

0

NETINERA operates a digital platform and app for the Deutschland-Ticket, a nationwide public transportation subscription in Germany. The company is a major player in the German regional transport sector, operating multiple subsidiary brands. The website provides comprehensive information about ticketing options, app usage, and subscription management, targeting private customers, students, apprentices, and employers. Technically, the site uses modern web standards, is hosted behind Cloudflare, and implements HTTPS with strong security headers. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. However, explicit security policies and incident response contacts are not published. Overall, the website is professional, trustworthy, and well-optimized for its audience.

R

Regentalbahn GmbH

alex.info

0

The website www.laenderbahn.com/alex/ represents the alex regional train service operated by Regentalbahn GmbH, a subsidiary of the Netinera group. It offers daily direct train connections between Germany and the Czech Republic, targeting commuters and travelers in this region. The site provides comprehensive travel information, ticket sales, real-time updates, and customer service resources. The business model focuses on regional transportation services with a strong emphasis on customer convenience and cross-border connectivity. Technically, the website is built on Craft CMS and employs modern JavaScript libraries and frameworks such as jQuery and Mmenu for mobile navigation. It integrates multiple analytics and tracking tools including Matomo, Google Tag Manager, Facebook Pixel, and Hotjar, all managed with a cookie consent mechanism to comply with privacy regulations. The site is mobile-optimized, accessible, and SEO-friendly, providing a good user experience. From a security perspective, the website enforces HTTPS and uses CSRF tokens to protect forms. While explicit HTTP security headers were not detected in the provided data, the site follows best practices in data protection and privacy compliance, including a comprehensive privacy policy and cookie management. No vulnerabilities or exposed sensitive data were found. However, the absence of WHOIS data for the domain raises concerns about domain registration legitimacy, although the website branding and content strongly indicate a legitimate business. Overall, the site is professional, trustworthy, and well-maintained, serving its target audience effectively. The main risk lies in the missing WHOIS registration data, which should be verified externally. Strategic recommendations include enhancing HTTP security headers, publishing a vulnerability disclosure policy, and providing explicit incident response contacts to further strengthen security posture.

The Berchtesgadener Land Bahn website serves as the official online presence for a regional railway operator in Germany, providing schedules, ticketing information, and news updates related to the Freilassing to Berchtesgaden rail line. The business recently transitioned operations to Bayerische Regiobahn, indicating a shift in operational control. The website targets local passengers and public transport users, offering essential travel information and partner links. Technically, the site is built with basic HTML, CSS, and JavaScript without modern frameworks or CMS, resulting in moderate performance and limited mobile optimization. Security posture is weak, with no HTTPS enforcement or security headers detected, and no visible privacy or cookie policies, which poses compliance and trust concerns. Overall, the site is functional but lacks modern security and privacy best practices, limiting its digital maturity and user trust.