Security Directory

I

Ingroup

ingroup.lu

0

Ingroup is a prominent marketing and digital solutions provider based in Luxembourg, operating through multiple specialized brands that offer comprehensive communication, advertising, branding, media, and distribution services. The company positions itself as a major player in the Greater Region, targeting businesses seeking to maximize their visibility and impact through integrated 360° solutions. The website reflects a professional and consistent brand image with clear navigation and regularly updated news content. Technically, the site is built on WordPress with modern plugins and libraries, hosted by OVH, and optimized for mobile and SEO. Security measures include HTTPS, Google reCAPTCHA on contact forms, and a robust cookie consent mechanism, although some security headers and policies could be improved. Overall, the site demonstrates a mature digital presence with good privacy compliance and business credibility.

D

Domainhotelli

domainhotelli.fi

0

Domainhotelli is a Finnish-based domain registrar and web hosting provider offering affordable and reliable services primarily targeting Finnish-speaking customers. The company emphasizes ease of use, local language support, and competitive pricing, positioning itself as a trusted local alternative in the domain and hosting market. Their key services include domain registration, DNS management, web hosting optimized for WordPress, and customer support in Finnish. The website is professionally designed, mobile-optimized, and SEO-friendly, reflecting a mature digital presence. Technically, the website runs on WordPress with modern plugins such as Yoast SEO and integrates third-party services like Google Tag Manager and Iubenda for cookie management. Hosting infrastructure is located in Finland, ensuring performance and compliance with local data regulations. Accessibility and user experience are well addressed, with clear navigation and responsive design. From a security perspective, the site uses HTTPS with good SSL configuration and implements cookie consent mechanisms. However, explicit security policies and incident response contacts are not published, and security headers are not evident in the HTML content. No vulnerabilities or suspicious activities were detected. WHOIS data aligns well with the business claims, showing transparency and legitimacy. Overall, Domainhotelli presents a low-risk profile with strong business credibility and technical maturity. Strategic improvements in security policy transparency and incident response communication would further enhance trust and compliance.

L

Luxembourg House of Cybersecurity g.i.e.

cswl.lu

0

The website represents the CYBERSECURITY Week Luxembourg 2025, a national campaign coordinated by the Luxembourg House of Cybersecurity. It aims to promote cybersecurity awareness and foster collaboration within the Luxembourg cybersecurity ecosystem through key events such as the Luxembourg GRC Conference and hack.lu. The campaign targets cybersecurity professionals and the wider community interested in cybersecurity topics. The website content is well-structured, professionally designed, and consistent with the organization's branding. Technically, the site uses modern web technologies including React, Bootstrap, and FontAwesome, with good mobile optimization and moderate performance. The site is served over HTTPS with no visible security vulnerabilities or exposed sensitive data. However, some security best practices like security headers and cookie consent mechanisms are missing or not visible in the provided content. From a security posture perspective, the site demonstrates a good baseline with HTTPS and no evident vulnerabilities. The presence of legal and data protection notices in PDF format indicates attention to compliance, though explicit security policies and incident response information are absent. The WHOIS data aligns well with the website's claims, showing consistent registration and no privacy protection, enhancing trustworthiness. Overall, the website is a credible, professional platform for cybersecurity awareness events in Luxembourg, with room for improvement in privacy compliance and security policy transparency.

C

CIRCL

vulnerability-lookup.org

0

Vulnerability-Lookup is a specialized cybersecurity platform developed and operated by CIRCL, focusing on vulnerability tracking, correlation, and coordinated vulnerability disclosure. It serves security teams, researchers, and system administrators by aggregating data from multiple vulnerability sources and providing tools for managing security advisories and sightings. The platform integrates with global initiatives such as the Global CVE Allocation System and supports compliance with directives like NIS2. Technically, the website is built using the Hugo static site generator and employs modern JavaScript libraries for search functionality, delivering a fast and accessible user experience. Security posture is solid with HTTPS implied, but lacks explicit security headers and published privacy policies, which are areas for improvement. WHOIS data is unavailable, reducing transparency but the association with CIRCL and EU funding projects supports legitimacy. Overall, the site is professional, trustworthy, and well-positioned within the cybersecurity niche.

S

Syndicat Intercommunal de Gestion Informatique

sigi.lu

0

The Syndicat Intercommunal de Gestion Informatique (SIGI) is a government IT syndicate based in Luxembourg that provides IT solutions and support services to local municipalities. The website presents a professional image with clear navigation, comprehensive privacy and cookie policies, and a focus on supporting Luxembourg communes in their missions. Technically, the site is built on WordPress using the Divi theme and incorporates modern plugins such as the Modern Events Calendar and Matomo for analytics, indicating a moderate level of digital maturity. Security posture is generally good with HTTPS enforced and cookie consent mechanisms in place, though the absence of explicit security policies and incident response contacts suggests room for improvement. The lack of WHOIS data transparency limits the ability to fully verify domain legitimacy, but the website content and structure align with a credible public sector entity. Overall, the site is well-maintained, GDPR compliant, and serves its target audience effectively.

S

Syndicat des Villes & Communes luxembourgeoises

syvicol.lu

0

The Syndicat des Villes & Communes luxembourgeoises (Syvicol) website serves as the official online presence for the Luxembourg municipal syndicate, focusing on promoting and defending the interests of cities and communes in Luxembourg. The site targets local government entities and provides information relevant to their collective interests. The business model is that of a non-profit government association, with a clear focus on advocacy and representation within the public sector. Technically, the website employs modern web technologies including Bootstrap icons, Google Fonts, Google Tag Manager, Hotjar analytics, and Cookiebot for cookie consent management. The site is served over HTTPS, ensuring secure communication. The presence of a detailed cookie consent mechanism indicates a commitment to privacy compliance, although explicit privacy and terms of service pages were not detected in the provided content. From a security perspective, the site demonstrates good practices such as HTTPS enforcement, bot protection via Google reCAPTCHA, and controlled script loading through Google Tag Manager. However, the absence of visible security headers and lack of explicit security policies or incident response contacts suggest areas for improvement. The WHOIS data is unavailable or malformed, which reduces domain trustworthiness, but the official .lu domain and professional site design mitigate some concerns. Overall, the website is professional, secure, and compliant with basic privacy standards, but it would benefit from publishing clear privacy policies, terms of service, and contact information to enhance trust and compliance. Strategic recommendations include improving security headers, adding vulnerability disclosure mechanisms, and enhancing accessibility features.

N

National Cybersecurity Competence Center Luxembourg

nc3.lu

0

The National Cybersecurity Competence Center Luxembourg (NC3) is a government-affiliated organization dedicated to enhancing the cybersecurity posture of Luxembourg's businesses, institutions, and stakeholders. It offers a comprehensive suite of services including self-assessment tools, risk diagnostics, training simulations, and strategic guidance. The center also fosters community initiatives and funding opportunities to strengthen the national and European cybersecurity ecosystem. The website positions NC3 as a central hub for cybersecurity competence in Luxembourg, linking national efforts with European initiatives.

L

Luxembourg House of Cybersecurity

room42.lu

0

ROOM#42 is a cybersecurity simulation service operated by the Luxembourg House of Cybersecurity, offering immersive cyberattack crisis training sessions primarily targeting professionals across various sectors including finance, IT, legal, and management. The service is recognized locally and internationally, with a subsidiary presence in Toulouse. The website presents a professional and consistent brand image with clear contact information and testimonials from credible industry figures. Technically, the site uses modern front-end libraries such as Materialize CSS and jQuery, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS usage but lacks advanced security headers and published policies. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the domain registration and DNS setup are consistent with a legitimate business entity.

T

Technoport SA

technoport.lu

0

Technoport SA is a Luxembourg-based business incubator focused on supporting innovative and technology-oriented startups. The company provides incubation programs, event spaces, and participates in European and international projects to foster entrepreneurship and innovation. The website reflects a professional and consistent brand presence targeting entrepreneurs and startups seeking support and networking opportunities. The technical infrastructure relies on established but somewhat dated technologies such as jQuery 1.x and Bootstrap 3.x, hosted on Amazon AWS infrastructure, indicating a stable but potentially improvable digital maturity. Security posture is moderate with HTTPS usage assumed but lacking visible security headers and using outdated JavaScript libraries, which could expose the site to vulnerabilities. Privacy compliance is weak due to the absence of privacy and cookie policies, which is a notable gap given GDPR requirements. Overall, the website is functional, trustworthy, and business credible but would benefit from technical and compliance enhancements.

A

Adoraweb Agence Marketing Digital Luxembourg

adoraweb.lu

0

Adoraweb is a small, agile digital marketing agency based in Luxembourg, founded in 2013. The company specializes in providing digital marketing services including SEO, SEA, web design, and digital strategy consulting, targeting ambitious businesses in Luxembourg. Their market position is strengthened by unique agile marketing methodologies and a strong client portfolio. The website is professionally designed, content-rich, and optimized for user experience and SEO, reflecting a mature digital presence. Technically, the site is built on WordPress with modern JavaScript libraries and uses Cloudflare for DNS and likely CDN services. Security posture is solid with HTTPS and form protections, though explicit security headers and cookie consent mechanisms are missing. Analytics and tracking are extensive, leveraging Piwik PRO, Google Analytics, Facebook, and LinkedIn pixels. Overall, the website is trustworthy and professional, with clear contact information and certifications displayed. Recommendations include enhancing privacy compliance with cookie consent and security headers, and publishing security policies.

C

CMD Solutions

cmd.solutions

0

CMD Solutions is an IT service provider specializing in hosting, mail, phone, fiber, backup, and milestone services. The company appears to target business clients seeking reliable IT and telecommunications solutions. The website is built on WordPress using the Divi theme, with multilingual support for French, English, and German. The technical infrastructure includes common plugins for SEO, analytics, and GDPR compliance, hosted via EuroDNS S.A. The site demonstrates moderate performance and good mobile optimization but lacks some advanced accessibility features. Security posture is adequate with HTTPS enabled and domain transfer protection, but could be improved by enabling DNSSEC and adding security headers. Privacy compliance is partial, with a cookie consent mechanism but no explicit privacy policy or terms of service found. Contact is primarily via a web form, with no direct email or phone contacts visible. Overall, the website is professional and trustworthy but could enhance transparency and security practices.

A

ANEXIA Internetdienstleistungs GmbH

anexia.com

0

ANEXIA Internetdienstleistungs GmbH is a well-established IT service provider founded in 2006 in Austria, with additional offices in Germany and the USA. The company specializes in software development, managed hosting, cloud solutions, and IT infrastructure services, targeting businesses seeking high availability and European digital sovereignty. Their market position is supported by multiple ISO certifications and a strong portfolio of international clients including BMW and Audi. Technically, the website is built on TYPO3 CMS and integrates Google Tag Manager for analytics, reflecting a modern and professional digital presence. Security posture is strong with ISO 27001 certification and domain transfer protections, though DNSSEC is not enabled and no public incident response contacts or vulnerability disclosure policies were found. Overall, the website is professional, well-structured, and compliant with GDPR, with clear contact channels and trust indicators. The risk profile is low with recommendations to enhance DNS security and publish vulnerability disclosure information.

O

OCA Luxembourg

oca.lu

0

OCA Luxembourg is a professional insurance brokerage firm operating in the Grand Duchy of Luxembourg, providing tailored insurance solutions for both professionals and individuals. The company offers a range of services including professional insurance, personal insurance, and specialty insurance products such as Lifestyle & Fine Art, construction guarantees, and coverage for European officials and sports professionals. The website reflects a well-structured and professional digital presence with clear navigation and relevant content targeting Luxembourg-based clients. Technically, the website employs modern web technologies including Bootstrap, jQuery, and specialized plugins like Revolution Slider and tarteaucitron for cookie consent management. The site is mobile-optimized and demonstrates good SEO practices, although some improvements in accessibility and security headers could enhance its technical maturity. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms, indicating awareness of privacy regulations such as GDPR. However, the absence of visible security headers and incident response information suggests room for improvement in security posture. The lack of WHOIS data limits the ability to fully verify domain legitimacy, but the professional content and business registration number lend credibility. Overall, the website presents a trustworthy and professional image suitable for its business domain, with moderate technical and security maturity. Strategic enhancements in security headers, incident response transparency, and WHOIS data availability would strengthen trust and compliance.

O

Orange Luxembourg

orange.lu

0

Orange Luxembourg is a major telecommunications operator providing mobile telephony, internet fiber, TV, and fixed-line telephone services in Luxembourg. The website reflects a professional and well-branded digital presence, targeting a general audience with clear service offerings. The technical infrastructure is based on Magento 2, leveraging modern web technologies and integrating analytics and marketing tools such as Google Tag Manager and Facebook Pixel. Security posture is good with HTTPS enforced and partial security headers, though some improvements are recommended to enhance security headers and CSP completeness. Privacy compliance is basic with a cookie consent mechanism but no explicit privacy policy detected in the provided content. The absence of WHOIS data limits domain trust verification, but the website content and branding strongly indicate legitimacy.

O

Orne THD

ornethd.net

0

Orne THD is a local public telecommunications operator based in France, founded in 2015. The company provides fiber optic internet, TV, and telephony services primarily targeting residential and professional customers in specific French departments (54 and 57). The website presents a professional image with clear branding and consistent content focused on its key services. The domain registration data aligns well with the company's founding date and business claims, supporting its legitimacy. Technically, the website is built on WordPress using popular plugins such as LayerSlider and Revolution Slider, with jQuery and Google reCAPTCHA integrated for enhanced user experience and security. The site is moderately performant, mobile-optimized, and SEO-friendly, though accessibility features are basic. Hosting is likely provided by OVH sas, inferred from the registrar information. From a security perspective, the website uses HTTPS and implements Google reCAPTCHA, but lacks DNSSEC and security headers, which are recommended to improve security posture. There is no visible privacy policy, cookie policy, or vulnerability disclosure information, indicating compliance gaps with GDPR and best practices. Contact information is clearly provided, but no dedicated security or incident response contacts are found. Overall, the website is trustworthy and professional but would benefit from enhanced security measures and compliance documentation to improve user trust and regulatory adherence.

L

lux-airport

lux-airport.lu

0

Luxembourg Airport operates as a key regional transportation hub offering passenger and cargo air services with over 100 destinations and 14 airlines. The airport provides comprehensive services including parking, transport options, shopping, dining, and special assistance, targeting travelers and business passengers. The website demonstrates a mature digital presence with multilingual support, modern technologies, and strong branding consistency. Technical infrastructure is based on WordPress with integrations for analytics, accessibility, and cookie compliance. Security posture is solid with HTTPS and privacy mechanisms, though explicit security headers and incident response policies are absent. WHOIS data is unavailable, limiting domain trust verification, but the professional website and official social media presence support legitimacy. Overall, the airport's digital platform is well-structured, user-friendly, and compliant with GDPR, serving its audience effectively.

F

FRS Finland

frs-finland.fi

0

FRS Finland is a regional ferry and charter cruise operator serving the Helsinki Metropolitan Area and surrounding archipelago destinations. The company offers a range of services including scheduled ferry routes, VIP and group cruises, seasonal passes, and gift cards. It holds sustainability certifications and is part of the FRS Group, indicating a solid market position in transportation services. The website is built on TYPO3 CMS, employs modern web technologies, and integrates Google Tag Manager and Analytics for marketing and performance tracking. Security posture is strong with HTTPS and cookie consent mechanisms, though explicit security policies and incident response contacts are not published. Overall, the site is professional, accessible, and trustworthy, supporting a positive user experience.

J

JT-Line Oy

jt-line.fi

0

JT-Line Oy is a Finnish small-sized transportation company specializing in ferry and charter cruise services in the Helsinki archipelago. The company operates authentic paddle steamer ferries and water buses, emphasizing sustainable travel by using renewable biofuels and promoting inclusivity. Their market position is niche but well-defined, targeting tourists, families, and groups seeking maritime experiences in the Helsinki region. The website reflects a professional and consistent brand image with clear service offerings and certifications such as Sustainable Travel Finland and Ekokompassi. Technically, the site is built on WordPress with modern SEO and analytics tools integrated, including Google Tag Manager and Facebook Pixel, supported by a GDPR-compliant cookie consent mechanism. Security posture is good with HTTPS enforced, though some security headers could be improved. No critical vulnerabilities or blocking mechanisms were detected, and privacy compliance is well addressed. Contact information is comprehensive, supporting business credibility.

T

Turun seudun joukkoliikenne

foli.fi

0

Turun seudun joukkoliikenne (Föli) operates as the primary public transportation provider in the Turku region, Finland. The website serves as a comprehensive portal for bus schedules, route planning, ticketing, and real-time transit updates, targeting residents and visitors of the region. Föli maintains a strong market position as a regional transit authority, supported by partnerships with seven municipalities. The business model is public service oriented, focusing on accessibility and user convenience.

J

Jyväskylän kaupunki

jyvaskyla.fi

0

Jyväskylän kaupunki operates as the official municipal government website for the city of Jyväskylä, Finland. It provides comprehensive information and services related to municipal administration, culture, events, and public services targeted primarily at residents and visitors. The website is positioned as the authoritative source for city-related information and services, supporting citizen engagement and municipal transparency. Technically, the site is built on Drupal 10 CMS, leveraging modern web technologies, including a robust cookie consent mechanism and integration with reputable third-party analytics and content delivery networks. The site demonstrates good digital maturity with mobile optimization, accessibility features, and SEO best practices. Security posture is strong with HTTPS enforcement, security headers, and privacy compliance aligned with GDPR. However, explicit security policies and incident response contacts are not published, representing an area for improvement. Overall, the website is professional, trustworthy, and compliant with privacy regulations, serving as a reliable digital platform for municipal services.

H

Hämeenlinna

hameenlinna.fi

0

Hämeenlinna's official website serves as a comprehensive digital portal for the city, providing extensive information and services related to housing, education, wellbeing, culture, tourism, and economic development. The site targets residents, visitors, and businesses, positioning itself as a trusted municipal resource. Technically, the site is built on WordPress with modern plugins such as Yoast SEO and Cookiebot, ensuring good SEO and privacy compliance mechanisms. The use of Matomo and Google Analytics indicates a mature approach to user analytics, although privacy policy documentation is lacking. Security posture is strong with HTTPS and cookie consent, but could be improved with additional security headers and published policies. Overall, the site is professional, well-branded, and trustworthy, reflecting the city's stature and commitment to digital service delivery.

O

Oulun seudun liikenne

oulunjoukkoliikenne.fi

0

Oulun seudun liikenne operates as a regional public transportation authority in Finland, providing bus schedules, ticketing, and travel information primarily for the Oulu region. The website serves residents and travelers with relevant transit data and customer service resources. The business model focuses on public transport facilitation with digital tools such as the OSL app and integration with partner services like Waltti for ticket purchases. Technically, the website is built on WordPress, leveraging modern web technologies including jQuery, Google Tag Manager, and Cookiebot for consent management. The site demonstrates good SEO and accessibility practices with responsive design and clear navigation. Security posture is solid with HTTPS enforced and cookie consent implemented, though explicit security headers and incident response information are absent. Privacy compliance is partially met with a detailed cookie consent mechanism but lacks a clearly accessible privacy policy or terms of service. Overall, the website is professional, trustworthy, and well-aligned with its public service mission, though improvements in transparency and security documentation are recommended.

Lahden seudun liikenne operates as the official public transportation authority for the Lahti region in Finland, providing comprehensive bus route information, timetables, ticketing options, and customer service. The website serves as a key digital touchpoint for residents and visitors seeking transit information. The company holds a solid market position as a regional transport provider with a clear focus on accessibility and user convenience. Technically, the website is built on WordPress and leverages modern web technologies including jQuery, Google Tag Manager, and Cookiebot for consent management. The site demonstrates good performance, mobile optimization, and accessibility features, ensuring a positive user experience across devices. Security posture is strong with HTTPS enforced, appropriate security headers, and no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed through a comprehensive cookie consent mechanism and GDPR-aligned privacy policy. Overall, the website reflects a mature digital infrastructure supporting a trusted public service entity.

N

Nysse, Tampereen seudun joukkoliikenne

nysse.fi

0

Nysse is the public transportation service provider for the Tampere region in Finland, offering responsible and evolving transit solutions to residents and visitors. The website reflects a regional public service entity with a clear focus on accessibility, user convenience, and compliance with privacy regulations. The technical infrastructure leverages modern web technologies including jQuery, Bootstrap, and Cookiebot for cookie consent management, alongside Matomo for analytics, indicating a mature digital presence. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though the absence of a published security policy and incident response contact suggests room for improvement. Overall, the website is professional, trustworthy, and compliant with GDPR, supporting the organization's public service mission effectively.

K

Kuopio

kuopio.fi

0

Kuopio.fi is the official website of the city of Kuopio, Finland, serving as a comprehensive portal for municipal information, public services, and community engagement. The site targets residents, visitors, and local businesses, providing access to city news, events, and administrative resources. The website positions itself as a trusted government authority with a focus on transparency and accessibility. Technically, the site is built on WordPress CMS, utilizing modern web technologies including jQuery, Matomo analytics for privacy-conscious user tracking, and Cookiebot for GDPR-compliant cookie consent management. The infrastructure supports good mobile optimization and accessibility standards, ensuring a positive user experience across devices. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms that respect user privacy. While explicit security headers are not fully evident, no critical vulnerabilities or exposed sensitive data were detected. The domain registration aligns well with the municipal identity, reinforcing trustworthiness. Overall, Kuopio.fi demonstrates a solid digital maturity with good content quality, privacy compliance, and security posture. Strategic recommendations include enhancing security headers, publishing explicit security and incident response policies, and improving visible contact information to further strengthen user trust and compliance.

V

VR-Yhtymä Oyj

vrgroup.fi

0

VR Group is a Finnish state-owned enterprise specializing in transportation, logistics, and maintenance services, with a strong focus on sustainable and carbon-neutral rail and urban mobility solutions. The company operates multiple business units including long-distance rail, urban transport, logistics, and fleet care, serving both consumer and corporate clients. Their market position is significant within Finland and parts of Sweden, supported by a 160-year history and a clear commitment to environmental responsibility. The website reflects a mature digital presence with multilingual support and comprehensive corporate information. Technically, the site employs modern web technologies, including JavaScript frameworks, Google Tag Manager, and Cookiebot for consent management, ensuring good performance, accessibility, and SEO optimization. Security posture is solid with HTTPS enforced and cookie consent mechanisms, though explicit security headers and vulnerability disclosure policies are absent. Overall, the domain registration and WHOIS data align well with the company's profile, confirming legitimacy and trustworthiness. The site is safe for general audiences with no adult or questionable content detected.

OnniBus operates as a leading Finnish bus ticket sales platform, providing affordable and reliable bus transportation services across Finland and to neighboring countries. The website offers a user-friendly online booking system, promotional offers, and partnerships with other transportation providers such as Eckerö Line. The company targets travelers seeking cost-effective and convenient bus travel options. Technically, the website employs modern analytics and tracking technologies including Google Analytics, Microsoft Clarity, and Cookiebot for consent management, ensuring compliance with privacy regulations. Security posture is solid with HTTPS enforced and session management in place, though explicit security headers and incident response information are lacking. The absence of WHOIS data for the domain is a notable anomaly that slightly diminishes trust but does not detract from the professional presentation and functionality of the site. Overall, OnniBus presents a mature digital presence with good privacy compliance and a strong market position in the Finnish transportation sector.

J

JULKISEN SANAN NEUVOSTON KANNATUSYHDISTYS RY

vastuullistajournalismia.fi

0

The website vastuullistajournalismia.fi is operated by the Finnish association JULKISEN SANAN NEUVOSTON KANNATUSYHDISTYS RY and focuses on promoting responsible journalism and media ethics in Finland. It provides educational resources, information on journalistic rights, and links to the Public Word Council. The site targets Finnish-speaking students, teachers, and media professionals interested in journalism ethics. The business model is non-profit and educational, with a niche market position in Finnish media ethics education. Technically, the site is built on WordPress using the UIkit framework and jQuery libraries. It uses Typekit fonts and has a moderate performance profile with basic mobile optimization. The hosting and domain registrar are Moonhill Oy, a Finnish provider. The site lacks advanced SEO and accessibility features but maintains a consistent branding and navigation structure. From a security perspective, the site uses HTTPS but lacks important security headers and does not have configured analytics or privacy policies, indicating room for improvement in compliance and security posture. No vulnerabilities or suspicious patterns were detected. The WHOIS data is transparent and consistent with the website's mission, enhancing trustworthiness. Overall, the site is a safe, basic educational resource with moderate technical and security maturity. Strategic improvements in privacy compliance, security headers, and analytics configuration would enhance its security posture and user trust.

S

Suomen Tietotoimisto Oy

lehtikuva.fi

0

Lehtikuva.fi is the digital presence of Suomen Tietotoimisto Oy, Finland's largest photo agency with a history dating back to 1951. The company specializes in news and editorial photography, focusing on Finnish and Nordic themes, and operates a comprehensive image licensing platform. The website reflects a mature digital infrastructure with multilingual support and modern web technologies. Security posture is strong with HTTPS enforcement and cookie consent mechanisms, although some security headers could be enhanced. Privacy compliance is well addressed with clear policies and GDPR-aligned consent. Overall, the site projects professionalism and trustworthiness suitable for media professionals and content buyers.

M

Miamo

miamo.cz

0

Miamo is a Czech ice cream brand that blends traditional production methods with innovative flavors and modern design, targeting a broad audience of ice cream lovers. The brand is supported by TIPAFROST, a significant Czech ice cream manufacturer, indicating a solid manufacturing and distribution foundation. The website presents a professional and user-friendly interface with clear navigation, detailed product offerings, and active social media engagement. Technically, the site is built on WordPress using popular plugins for forms and GDPR compliance, with moderate performance and good mobile optimization. Security posture is generally strong with HTTPS and cookie consent mechanisms, though it lacks some advanced security headers and explicit incident response policies. The absence of WHOIS data is a notable concern, reducing domain trustworthiness and suggesting the need for further verification. Overall, the site is well-positioned in its market segment but could improve transparency and security practices.

Meggle.cz is a well-established Czech retail website specializing in dairy and vegan dairy-alternative products. The site offers a variety of product categories including vegan creams, cottage cheese, various creams, butter specialties, and lactose-free options, complemented by recipe content to engage consumers. The website targets Czech consumers interested in these food products and is part of the MEGGLE Group, indicating a strong market presence and brand recognition. Technically, the site is built on the MySUITU CMS platform, uses common JavaScript libraries such as jQuery and ResponsiveSlides, and integrates Google Analytics and Facebook Pixel for marketing and analytics purposes. The site is mobile-optimized with good navigation and SEO practices, although some technical debt is noted with the use of an outdated jQuery version. Security posture is solid with HTTPS enforced and cookie consent implemented, but lacks published privacy policies, terms of service, and advanced security headers. Overall, the website is professional and trustworthy but would benefit from enhanced privacy compliance and updated security practices.

M

Museum of the Rockies

museumoftherockies.org

0

Museum of the Rockies is a well-established cultural and educational institution located in Bozeman, US, focusing on natural history, cultural exhibits, and astronomy. The website presents a professional and informative platform targeting a general audience interested in museum experiences and educational programs. The domain has been registered since 2000, reflecting a stable and legitimate presence. Technically, the website employs modern tracking and analytics tools such as Google Analytics, Facebook Pixel, and Sojern, hosted on Montana State University DNS infrastructure, indicating a reliable hosting environment. However, the site lacks visible privacy and cookie policies, which impacts its compliance posture. Security-wise, HTTPS is properly implemented, but the absence of security headers and vulnerability disclosure mechanisms suggests room for improvement. Overall, the website is trustworthy and professionally maintained but should enhance privacy compliance and security best practices to reduce risk and improve user trust.

ERGO is a well-established insurance provider in Latvia offering a wide range of insurance products for both private individuals and businesses. Their services include vehicle insurance (OCTA, KASKO), health, travel, accident, property, life insurance, and pension products. The company targets Latvian residents and businesses, positioning itself as a comprehensive insurer with a strong local presence and customer support infrastructure. The website reflects a professional and consistent brand image with clear navigation and relevant content tailored to their audience. Technically, the website employs modern web technologies including JavaScript frameworks, Google Tag Manager for analytics, Usercentrics for cookie consent management, and Genesys for customer messaging. The site is mobile-optimized and performs moderately well, with good SEO and accessibility basics. Privacy compliance is well addressed through explicit cookie consent mechanisms and a comprehensive privacy policy. From a security perspective, the site enforces HTTPS and uses consent-based tracking, minimizing privacy risks. However, it lacks publicly visible security policies and incident response contacts, which could enhance trust and preparedness. No critical vulnerabilities or suspicious content were detected. Overall, the security posture is solid but could benefit from additional transparency and security headers. The overall risk assessment is low, with the website demonstrating professionalism, compliance, and technical maturity. Strategic recommendations include publishing a dedicated security policy, adding incident response contacts, and enhancing security headers to further strengthen the security posture and user trust.

E

Empat.tech

empat.tech

0

Empat.tech is a Ukrainian-based technology company specializing in custom software and mobile app development services, targeting startups and enterprises globally. Established in 2013, the company has completed over 300 projects across 23 markets, serving clients including Fortune 500 companies and Y Combinator alumni. Their service portfolio includes mobile app development, fintech software, product development, and dedicated developer hiring, positioning them as a trusted partner in the technology sector. The website reflects a professional and consistent brand image with strong trust signals such as client testimonials, press mentions, and industry recognitions.

C

CoronaWhy

coronawhy.org

0

CoronaWhy is a volunteer-driven, international non-profit research organization focused on leveraging artificial intelligence and data science to support the global fight against COVID-19. The organization coordinates over a thousand volunteers worldwide to analyze COVID-19 related data and provide actionable insights to the medical community. Their partnerships with reputable organizations such as NASA JPL, Google Cloud, and CGI enhance their technical capabilities and credibility. The website reflects a mature digital presence with professional design, multimedia content, and active social media engagement. Technically, the site uses modern web technologies including Webflow CMS, Google Analytics, and reCAPTCHA, ensuring good performance and security posture. However, the absence of explicit privacy policies, terms of service, and direct contact information slightly reduces privacy compliance and business credibility scores. Overall, CoronaWhy demonstrates a strong commitment to transparency, collaboration, and scientific rigor, positioning itself as a trusted resource in the COVID-19 research community.

Verslo Frontas is a Lithuanian non-profit platform established in 2023 by the organization Blue/Yellow (VšĮ Mėlyna ir geltona) to facilitate regular financial support from Lithuanian businesses to Ukraine. The platform aims to reduce the burden on large donors by encouraging smaller, regular donations from a broader base of companies. It promotes social responsibility and supports Ukrainian business, education, culture, and community. The website is professionally designed using Hostinger Website Builder and the Astro framework, optimized for mobile devices, and provides clear contact information primarily via email and a Google Forms link for joining the initiative. Technically, the website uses modern web technologies and is hosted by Hostinger. It lacks advanced security headers and privacy compliance documentation, which are areas for improvement. No analytics or tracking scripts were detected, indicating minimal user tracking. The domain registration is recent but consistent with the business launch timeline and hosted by a reputable provider. Security posture is moderate with no critical vulnerabilities detected, but the absence of security headers and privacy policies reduces the overall security and compliance score. The website does not implement GDPR-compliant privacy or cookie policies, which is a compliance gap given its European audience. Overall, the site is trustworthy and serves its non-profit mission effectively but should enhance its security and privacy compliance to improve trust and legal adherence. Recommendations include implementing privacy and cookie policies, adding security headers, publishing incident response and vulnerability disclosure information, and ensuring strong SSL/TLS configuration.

C

Comgate s.r.o.

comgate.sk

0

Comgate s.r.o. is a well-established Slovak payment services provider offering payment gateway and payment terminal solutions primarily targeting e-shops, retail stores, restaurants, hotels, and government entities. With over 20 years of market presence, the company processes over 1.6 billion EUR annually and serves thousands of clients, positioning itself as a trusted player in the finance and e-commerce sectors. The website reflects a professional and comprehensive presentation of their services, emphasizing cost savings, ease of integration, and broad payment method support. Technically, the site uses modern web technologies and a proprietary CMS, delivering a responsive and user-friendly experience. Security posture is strong, supported by PCI DSS Level 1 certification and European payment institution licensing, although some security headers could be explicitly documented. Privacy compliance is evident with clear cookie consent mechanisms and GDPR-aligned policies. Overall, the site demonstrates high business credibility and trustworthiness, with no signs of blocking or suspicious activity.

S

Saunia

saunia.cz

0

Saunia.cz is a Czech Republic-based wellness and sauna service provider offering sauna experiences and relaxation services. The website is professionally designed using WordPress CMS and integrates modern marketing and analytics tools such as Google Analytics, Microsoft Clarity, and Cookiebot for GDPR compliance. The site targets general audiences interested in wellness and sauna activities. Technically, the site uses common JavaScript libraries and plugins to enhance user experience and social sharing capabilities. Security posture is good with HTTPS enabled and cookie consent implemented, though additional security headers could improve protection. The absence of WHOIS data reduces domain transparency and trust slightly, but the website content and structure indicate a legitimate business presence. Privacy policy and terms of service pages were not detected in the provided content, which is a compliance gap. Overall, the site is functional, user-friendly, and compliant with basic privacy regulations.

F

Form Factory s.r.o.

formfactory.cz

0

Form Factory s.r.o. operates a regional fitness business in the Czech Republic offering memberships, group exercise classes, and wellness services including sauna and relaxation. The company promotes a mobile app for easy club access and class reservations, targeting fitness enthusiasts and general public interested in health and wellness. The website is built on WordPress with modern SEO and tracking tools, providing a professional and user-friendly experience. Security posture is good with HTTPS and cookie consent, but lacks some security headers and explicit privacy policies. WHOIS data is unavailable, which reduces transparency and trustworthiness, but the website content and branding are consistent and professional.

U

Udruga Prijatelji životinja

prijatelji-zivotinja.hr

0

Udruga Prijatelji životinja is a well-established Croatian non-profit organization founded in 2001, dedicated to promoting animal rights, vegetarianism, and veganism. The website serves as a comprehensive platform for advocacy, education, event promotion, and community engagement, targeting environmentally and ethically conscious individuals. Their market position is strong within the Croatian and regional animal rights community, supported by memberships in European and international organizations. Technically, the website uses a custom or unknown CMS with a traditional tech stack including HTML, CSS, JavaScript, and jQuery, supplemented by Matomo analytics for privacy-conscious tracking. While the site is functional and moderately optimized, some outdated libraries present potential security risks. Security posture is adequate with HTTPS and cookie consent implemented, but lacks advanced security headers and explicit security policies. Overall, the site is trustworthy and professional, with clear contact information and active social media presence.

The website nitko.info is a personal portfolio and creative expression platform for Ervin Poljak, featuring poetry, stories, family projects, and other artistic content. It targets a general audience interested in literary and cultural works. The site is small-scale and primarily serves as a personal showcase rather than a commercial business. Technically, the site uses standard web technologies including HTML5, CSS3, JavaScript, jQuery, and integrates Google Analytics, Google Tag Manager, and Mixpanel for visitor tracking. It is built on the Galaksija CMS and hosted under a domain registered with privacy protection. The site shows moderate performance and basic mobile optimization but lacks advanced SEO and accessibility features. Security posture is weak, with no visible HTTPS enforcement or security headers, and no privacy or cookie policies present, indicating poor privacy compliance. The WHOIS data shows a domain age consistent with the site's stated founding year and a registrant country matching the website language, supporting legitimacy. Overall, the site is safe for general audiences but requires significant improvements in security and privacy compliance to enhance trust and protection.

The website ekoart.info is currently inaccessible beyond a minimal 404 Not Found error page, providing no business content, metadata, or user interaction elements. The domain WHOIS data is inconsistent, showing a creation date in the future (January 22, 2025), which raises concerns about the legitimacy and operational status of the domain. There is no evidence of privacy policies, cookie consent mechanisms, contact information, or security policies on the site. Technically, the site lacks any detectable technologies, scripts, or frameworks and does not implement DNSSEC or advanced security headers. The hosting provider is the domain registrar REG.RU LLC, but no further hosting details are available. Overall, the site appears inactive or placeholder with very low trustworthiness and business credibility.

NetTask operates as a reseller storefront under the secureserver.net domain, offering domain registration, web hosting, professional email, and security products. The website targets businesses and individuals seeking reliable and affordable web services. The brand emphasizes 24/7 customer support and a broad international market presence. Technically, the site uses modern web technologies including React-based components, SVG icons, and tag management via Tealium and Google Tag Manager. The site is mobile-optimized and accessible with good SEO practices. Security posture is strong with HTTPS enforced and secure form handling, though explicit security headers and incident response policies are not publicly disclosed. Privacy and cookie policies are comprehensive and GDPR compliant. WHOIS data is unavailable, likely due to privacy protection or proxy registration, but the domain is active and consistent with a reseller business model. Overall, the website is professional, trustworthy, and well-maintained, suitable for its target audience.

O

Ombudsman Luxembourg

ombudsman.lu

0

The Ombudsman Luxembourg website serves as the official government mediation office for citizens and residents seeking resolution of complaints related to state and municipal administrations. The site provides clear contact information and a concise description of its public service role, targeting a general audience in Luxembourg. The business model is focused on government mediation and administrative dispute resolution, positioning it as an essential public service entity within the government sector. Technically, the website employs basic technologies including Google Analytics and Google Tag Manager for visitor tracking. The site is moderately optimized for performance and mobile use but lacks advanced accessibility and SEO features. The absence of a CMS or modern frameworks suggests a simple, possibly custom-built site. No forms or interactive elements were detected, limiting data collection vectors. From a security perspective, the site uses HTTPS but lacks visible security headers and does not provide privacy or cookie policies, which are critical for GDPR compliance. No incident response or vulnerability disclosure mechanisms are present. Tracking scripts indicate moderate user tracking without clear privacy compliance disclosures. Overall, the security posture is basic with room for significant improvement. The overall risk assessment is moderate with no critical vulnerabilities detected but notable gaps in privacy compliance and security best practices. Strategic recommendations include publishing privacy and cookie policies, implementing security headers, enhancing mobile and accessibility features, and establishing incident response contacts to improve trust and compliance.

A

Association Luxembourg Alzheimer

ala.lu

0

Association Luxembourg Alzheimer is a well-established non-profit organization based in Luxembourg, dedicated to supporting people affected by dementia and their families. The organization offers a comprehensive range of services including counseling, a 24/7 helpline, ambulatory care, day centers, and a specialized care home. Their website reflects a strong commitment to accessibility and user support, with multilingual options and detailed service information. The organization maintains an active presence on social media platforms such as Facebook, LinkedIn, and Instagram, enhancing community engagement and outreach. Technically, the website is built on WordPress with modern plugins like Yoast SEO and accessibility tools, ensuring good SEO and compliance with accessibility standards. The site uses Matomo for analytics, indicating a privacy-conscious approach to user tracking. Performance and mobile optimization are good, though some improvements could be made in hosting transparency and performance metrics. From a security perspective, the site enforces HTTPS and provides a cookie consent mechanism with granular user control, aligning with GDPR requirements. However, it lacks published privacy policies, terms of service, and explicit security or incident response policies, which are important for compliance and user trust. No critical vulnerabilities or suspicious content were detected. Overall, the website is professional, trustworthy, and well-aligned with its mission, but would benefit from enhanced privacy and security disclosures to improve compliance and user confidence.

C

College Park Tutors

collegeparktutors.com

0

College Park Tutors is a specialized tutoring service focused on providing one-on-one academic support to students at the University of Maryland (UMD). Established in 2013, the company offers expert tutoring in STEM subjects such as calculus, physics, engineering, and statistics. Their business model centers on connecting vetted tutors with students for personalized sessions, both online and in-person, emphasizing flexibility and course-specific expertise. The website reflects a strong local market position with clear branding and trust signals including testimonials and detailed course offerings. Technically, the website is built on the UserFrosting CMS framework and leverages modern web technologies including jQuery, Bootstrap, Google Analytics, Facebook Pixel, and Google reCAPTCHA for security and analytics. The site is mobile-optimized with good SEO practices and moderate performance. Hosting is inferred to be via NameCheap, consistent with the domain registrar information. From a security perspective, the site enforces HTTPS, uses CSRF tokens, and integrates reCAPTCHA to protect forms. However, it lacks DNSSEC and security headers such as Content-Security-Policy and X-Frame-Options, which are recommended for enhanced protection. Privacy compliance is basic; while a privacy policy and terms of service are present, there is no cookie consent mechanism, which may be a GDPR compliance gap. Overall, the website is professional, trustworthy, and well-suited for its educational audience. The domain registration data aligns well with the business history, supporting legitimacy. Strategic recommendations include implementing DNSSEC, adding security headers, and introducing a cookie consent banner to improve privacy compliance and security posture.

B

Bloomington Tutors

bloomingtontutors.com

0

Bloomington Tutors is a specialized tutoring service focused on providing one-on-one academic support for Indiana University Bloomington students, particularly in courses such as finite math, calculus, business, and statistics. The company emphasizes personalized tutoring sessions, both online and in-person, with flexible scheduling to meet student needs. Their market position is that of a trusted local educational service with a strong reputation supported by student testimonials and a professional online presence. Technically, the website is built on the UserFrosting PHP framework and leverages modern web technologies including jQuery, Bootstrap, and Google Analytics. The site is well-optimized for mobile devices and offers a fast, accessible user experience. Security-wise, the site uses HTTPS and Google reCAPTCHA for bot protection, but lacks DNSSEC and some advanced security headers, which are recommended for improvement. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism despite tracking scripts. Overall, the domain registration data aligns well with the business history, supporting legitimacy and trustworthiness.

T

Trilby Media LLC

trilbymedia.com

0

Trilby Media LLC is a specialized technology service provider focused on Grav CMS professional services, custom development, hosting, and support. The company is staffed by the original Grav CMS development team, positioning it as a niche expert in the CMS market. Their website reflects a professional and consistent brand image, targeting businesses and developers seeking Grav CMS solutions. The company is US-based, founded in 2016, and showcases reputable clients, enhancing its market credibility. Technically, the website is built on the Grav CMS platform, leveraging modern web technologies including HTML5, CSS3, JavaScript, and integrates analytics tools such as Google Analytics and Microsoft Clarity. Hosting and DNS services are provided by Cloudflare, with additional security measures like Cloudflare Turnstile CAPTCHA implemented on the contact form. The site is well-optimized for mobile devices and demonstrates good SEO and accessibility practices. From a security perspective, the site uses HTTPS and Cloudflare services, but lacks DNSSEC and explicit security headers such as Content-Security-Policy and HSTS. There are no published privacy or cookie policies, which represents a compliance gap. No incident response or vulnerability disclosure information is provided. The WHOIS data is transparent and consistent with the business identity, supporting legitimacy. Overall, the website is professional, secure to a reasonable extent, and credible, but would benefit from enhanced privacy compliance and security header implementation. Strategic improvements in these areas would strengthen trust and regulatory adherence.

T

Trilby Media LLC

trilby.media

0

Trilby Media LLC is a specialized technology company focused on providing professional services and custom development for the Grav CMS platform. The company is staffed by the original Grav CMS development team, leveraging over 20 years of web development experience. Their market position is strong within the Grav CMS ecosystem, offering consulting, development, migration, managed hosting, and service level agreements to businesses and developers seeking high-quality Grav solutions. The website reflects a professional and consistent brand image targeting a technical audience familiar with Grav CMS. Technically, the website is built on the Grav CMS platform and hosted behind Cloudflare, utilizing modern web technologies including Fork Awesome icons, Google Analytics, Microsoft Clarity, and Cloudflare's Turnstile captcha for spam prevention. The site is well-optimized for performance, mobile responsiveness, and SEO, with a clean and accessible design. However, some security best practices such as DNSSEC and security headers are not fully implemented. From a security perspective, the site uses HTTPS and includes anti-spam measures on its contact form. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of explicit privacy, cookie, security, and incident response policies represents a compliance gap, especially regarding GDPR and data protection transparency. The WHOIS data is consistent with the business identity, showing a legitimate registration with no privacy protection, enhancing trust. Overall, the website presents a low-risk profile with strong business credibility and technical maturity but would benefit from enhanced privacy and security policy disclosures to improve compliance and user trust.

C

Citizenconnect.us

citizenconnect.us

0

Citizen Connect is a small non-profit platform focused on nonpartisan civic engagement and political healing in the United States. It aggregates resources, events, and educational content from over 600 organizations to help Americans find ways to strengthen democracy. The website is built on a modern WordPress infrastructure with integrations such as Google Analytics and Tag Manager, hosted with GoDaddy and using Cloudflare DNS services. The platform demonstrates good technical maturity with responsive design and clear navigation, though it lacks published privacy and cookie policies, which impacts compliance. Security posture is solid with HTTPS and domain protections, but DNSSEC is not enabled and no explicit incident response or vulnerability disclosure information is provided. Overall, the site is trustworthy and professional but could improve privacy compliance and security transparency.