Security Directory

C

CoronaWhy

coronawhy.org

0

CoronaWhy is a volunteer-driven, international non-profit research organization focused on leveraging artificial intelligence and data science to support the global fight against COVID-19. The organization coordinates over a thousand volunteers worldwide to analyze COVID-19 related data and provide actionable insights to the medical community. Their partnerships with reputable organizations such as NASA JPL, Google Cloud, and CGI enhance their technical capabilities and credibility. The website reflects a mature digital presence with professional design, multimedia content, and active social media engagement. Technically, the site uses modern web technologies including Webflow CMS, Google Analytics, and reCAPTCHA, ensuring good performance and security posture. However, the absence of explicit privacy policies, terms of service, and direct contact information slightly reduces privacy compliance and business credibility scores. Overall, CoronaWhy demonstrates a strong commitment to transparency, collaboration, and scientific rigor, positioning itself as a trusted resource in the COVID-19 research community.

Verslo Frontas is a Lithuanian non-profit platform established in 2023 by the organization Blue/Yellow (VšĮ Mėlyna ir geltona) to facilitate regular financial support from Lithuanian businesses to Ukraine. The platform aims to reduce the burden on large donors by encouraging smaller, regular donations from a broader base of companies. It promotes social responsibility and supports Ukrainian business, education, culture, and community. The website is professionally designed using Hostinger Website Builder and the Astro framework, optimized for mobile devices, and provides clear contact information primarily via email and a Google Forms link for joining the initiative. Technically, the website uses modern web technologies and is hosted by Hostinger. It lacks advanced security headers and privacy compliance documentation, which are areas for improvement. No analytics or tracking scripts were detected, indicating minimal user tracking. The domain registration is recent but consistent with the business launch timeline and hosted by a reputable provider. Security posture is moderate with no critical vulnerabilities detected, but the absence of security headers and privacy policies reduces the overall security and compliance score. The website does not implement GDPR-compliant privacy or cookie policies, which is a compliance gap given its European audience. Overall, the site is trustworthy and serves its non-profit mission effectively but should enhance its security and privacy compliance to improve trust and legal adherence. Recommendations include implementing privacy and cookie policies, adding security headers, publishing incident response and vulnerability disclosure information, and ensuring strong SSL/TLS configuration.

C

Comgate s.r.o.

comgate.sk

0

Comgate s.r.o. is a well-established Slovak payment services provider offering payment gateway and payment terminal solutions primarily targeting e-shops, retail stores, restaurants, hotels, and government entities. With over 20 years of market presence, the company processes over 1.6 billion EUR annually and serves thousands of clients, positioning itself as a trusted player in the finance and e-commerce sectors. The website reflects a professional and comprehensive presentation of their services, emphasizing cost savings, ease of integration, and broad payment method support. Technically, the site uses modern web technologies and a proprietary CMS, delivering a responsive and user-friendly experience. Security posture is strong, supported by PCI DSS Level 1 certification and European payment institution licensing, although some security headers could be explicitly documented. Privacy compliance is evident with clear cookie consent mechanisms and GDPR-aligned policies. Overall, the site demonstrates high business credibility and trustworthiness, with no signs of blocking or suspicious activity.

S

Saunia

saunia.cz

0

Saunia.cz is a Czech Republic-based wellness and sauna service provider offering sauna experiences and relaxation services. The website is professionally designed using WordPress CMS and integrates modern marketing and analytics tools such as Google Analytics, Microsoft Clarity, and Cookiebot for GDPR compliance. The site targets general audiences interested in wellness and sauna activities. Technically, the site uses common JavaScript libraries and plugins to enhance user experience and social sharing capabilities. Security posture is good with HTTPS enabled and cookie consent implemented, though additional security headers could improve protection. The absence of WHOIS data reduces domain transparency and trust slightly, but the website content and structure indicate a legitimate business presence. Privacy policy and terms of service pages were not detected in the provided content, which is a compliance gap. Overall, the site is functional, user-friendly, and compliant with basic privacy regulations.

F

Form Factory s.r.o.

formfactory.cz

0

Form Factory s.r.o. operates a regional fitness business in the Czech Republic offering memberships, group exercise classes, and wellness services including sauna and relaxation. The company promotes a mobile app for easy club access and class reservations, targeting fitness enthusiasts and general public interested in health and wellness. The website is built on WordPress with modern SEO and tracking tools, providing a professional and user-friendly experience. Security posture is good with HTTPS and cookie consent, but lacks some security headers and explicit privacy policies. WHOIS data is unavailable, which reduces transparency and trustworthiness, but the website content and branding are consistent and professional.

U

Udruga Prijatelji životinja

prijatelji-zivotinja.hr

0

Udruga Prijatelji životinja is a well-established Croatian non-profit organization founded in 2001, dedicated to promoting animal rights, vegetarianism, and veganism. The website serves as a comprehensive platform for advocacy, education, event promotion, and community engagement, targeting environmentally and ethically conscious individuals. Their market position is strong within the Croatian and regional animal rights community, supported by memberships in European and international organizations. Technically, the website uses a custom or unknown CMS with a traditional tech stack including HTML, CSS, JavaScript, and jQuery, supplemented by Matomo analytics for privacy-conscious tracking. While the site is functional and moderately optimized, some outdated libraries present potential security risks. Security posture is adequate with HTTPS and cookie consent implemented, but lacks advanced security headers and explicit security policies. Overall, the site is trustworthy and professional, with clear contact information and active social media presence.

The website nitko.info is a personal portfolio and creative expression platform for Ervin Poljak, featuring poetry, stories, family projects, and other artistic content. It targets a general audience interested in literary and cultural works. The site is small-scale and primarily serves as a personal showcase rather than a commercial business. Technically, the site uses standard web technologies including HTML5, CSS3, JavaScript, jQuery, and integrates Google Analytics, Google Tag Manager, and Mixpanel for visitor tracking. It is built on the Galaksija CMS and hosted under a domain registered with privacy protection. The site shows moderate performance and basic mobile optimization but lacks advanced SEO and accessibility features. Security posture is weak, with no visible HTTPS enforcement or security headers, and no privacy or cookie policies present, indicating poor privacy compliance. The WHOIS data shows a domain age consistent with the site's stated founding year and a registrant country matching the website language, supporting legitimacy. Overall, the site is safe for general audiences but requires significant improvements in security and privacy compliance to enhance trust and protection.

The website ekoart.info is currently inaccessible beyond a minimal 404 Not Found error page, providing no business content, metadata, or user interaction elements. The domain WHOIS data is inconsistent, showing a creation date in the future (January 22, 2025), which raises concerns about the legitimacy and operational status of the domain. There is no evidence of privacy policies, cookie consent mechanisms, contact information, or security policies on the site. Technically, the site lacks any detectable technologies, scripts, or frameworks and does not implement DNSSEC or advanced security headers. The hosting provider is the domain registrar REG.RU LLC, but no further hosting details are available. Overall, the site appears inactive or placeholder with very low trustworthiness and business credibility.

NetTask operates as a reseller storefront under the secureserver.net domain, offering domain registration, web hosting, professional email, and security products. The website targets businesses and individuals seeking reliable and affordable web services. The brand emphasizes 24/7 customer support and a broad international market presence. Technically, the site uses modern web technologies including React-based components, SVG icons, and tag management via Tealium and Google Tag Manager. The site is mobile-optimized and accessible with good SEO practices. Security posture is strong with HTTPS enforced and secure form handling, though explicit security headers and incident response policies are not publicly disclosed. Privacy and cookie policies are comprehensive and GDPR compliant. WHOIS data is unavailable, likely due to privacy protection or proxy registration, but the domain is active and consistent with a reseller business model. Overall, the website is professional, trustworthy, and well-maintained, suitable for its target audience.

O

Ombudsman Luxembourg

ombudsman.lu

0

The Ombudsman Luxembourg website serves as the official government mediation office for citizens and residents seeking resolution of complaints related to state and municipal administrations. The site provides clear contact information and a concise description of its public service role, targeting a general audience in Luxembourg. The business model is focused on government mediation and administrative dispute resolution, positioning it as an essential public service entity within the government sector. Technically, the website employs basic technologies including Google Analytics and Google Tag Manager for visitor tracking. The site is moderately optimized for performance and mobile use but lacks advanced accessibility and SEO features. The absence of a CMS or modern frameworks suggests a simple, possibly custom-built site. No forms or interactive elements were detected, limiting data collection vectors. From a security perspective, the site uses HTTPS but lacks visible security headers and does not provide privacy or cookie policies, which are critical for GDPR compliance. No incident response or vulnerability disclosure mechanisms are present. Tracking scripts indicate moderate user tracking without clear privacy compliance disclosures. Overall, the security posture is basic with room for significant improvement. The overall risk assessment is moderate with no critical vulnerabilities detected but notable gaps in privacy compliance and security best practices. Strategic recommendations include publishing privacy and cookie policies, implementing security headers, enhancing mobile and accessibility features, and establishing incident response contacts to improve trust and compliance.

A

Association Luxembourg Alzheimer

ala.lu

0

Association Luxembourg Alzheimer is a well-established non-profit organization based in Luxembourg, dedicated to supporting people affected by dementia and their families. The organization offers a comprehensive range of services including counseling, a 24/7 helpline, ambulatory care, day centers, and a specialized care home. Their website reflects a strong commitment to accessibility and user support, with multilingual options and detailed service information. The organization maintains an active presence on social media platforms such as Facebook, LinkedIn, and Instagram, enhancing community engagement and outreach. Technically, the website is built on WordPress with modern plugins like Yoast SEO and accessibility tools, ensuring good SEO and compliance with accessibility standards. The site uses Matomo for analytics, indicating a privacy-conscious approach to user tracking. Performance and mobile optimization are good, though some improvements could be made in hosting transparency and performance metrics. From a security perspective, the site enforces HTTPS and provides a cookie consent mechanism with granular user control, aligning with GDPR requirements. However, it lacks published privacy policies, terms of service, and explicit security or incident response policies, which are important for compliance and user trust. No critical vulnerabilities or suspicious content were detected. Overall, the website is professional, trustworthy, and well-aligned with its mission, but would benefit from enhanced privacy and security disclosures to improve compliance and user confidence.

C

College Park Tutors

collegeparktutors.com

0

College Park Tutors is a specialized tutoring service focused on providing one-on-one academic support to students at the University of Maryland (UMD). Established in 2013, the company offers expert tutoring in STEM subjects such as calculus, physics, engineering, and statistics. Their business model centers on connecting vetted tutors with students for personalized sessions, both online and in-person, emphasizing flexibility and course-specific expertise. The website reflects a strong local market position with clear branding and trust signals including testimonials and detailed course offerings. Technically, the website is built on the UserFrosting CMS framework and leverages modern web technologies including jQuery, Bootstrap, Google Analytics, Facebook Pixel, and Google reCAPTCHA for security and analytics. The site is mobile-optimized with good SEO practices and moderate performance. Hosting is inferred to be via NameCheap, consistent with the domain registrar information. From a security perspective, the site enforces HTTPS, uses CSRF tokens, and integrates reCAPTCHA to protect forms. However, it lacks DNSSEC and security headers such as Content-Security-Policy and X-Frame-Options, which are recommended for enhanced protection. Privacy compliance is basic; while a privacy policy and terms of service are present, there is no cookie consent mechanism, which may be a GDPR compliance gap. Overall, the website is professional, trustworthy, and well-suited for its educational audience. The domain registration data aligns well with the business history, supporting legitimacy. Strategic recommendations include implementing DNSSEC, adding security headers, and introducing a cookie consent banner to improve privacy compliance and security posture.

B

Bloomington Tutors

bloomingtontutors.com

0

Bloomington Tutors is a specialized tutoring service focused on providing one-on-one academic support for Indiana University Bloomington students, particularly in courses such as finite math, calculus, business, and statistics. The company emphasizes personalized tutoring sessions, both online and in-person, with flexible scheduling to meet student needs. Their market position is that of a trusted local educational service with a strong reputation supported by student testimonials and a professional online presence. Technically, the website is built on the UserFrosting PHP framework and leverages modern web technologies including jQuery, Bootstrap, and Google Analytics. The site is well-optimized for mobile devices and offers a fast, accessible user experience. Security-wise, the site uses HTTPS and Google reCAPTCHA for bot protection, but lacks DNSSEC and some advanced security headers, which are recommended for improvement. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism despite tracking scripts. Overall, the domain registration data aligns well with the business history, supporting legitimacy and trustworthiness.

T

Trilby Media LLC

trilbymedia.com

0

Trilby Media LLC is a specialized technology service provider focused on Grav CMS professional services, custom development, hosting, and support. The company is staffed by the original Grav CMS development team, positioning it as a niche expert in the CMS market. Their website reflects a professional and consistent brand image, targeting businesses and developers seeking Grav CMS solutions. The company is US-based, founded in 2016, and showcases reputable clients, enhancing its market credibility. Technically, the website is built on the Grav CMS platform, leveraging modern web technologies including HTML5, CSS3, JavaScript, and integrates analytics tools such as Google Analytics and Microsoft Clarity. Hosting and DNS services are provided by Cloudflare, with additional security measures like Cloudflare Turnstile CAPTCHA implemented on the contact form. The site is well-optimized for mobile devices and demonstrates good SEO and accessibility practices. From a security perspective, the site uses HTTPS and Cloudflare services, but lacks DNSSEC and explicit security headers such as Content-Security-Policy and HSTS. There are no published privacy or cookie policies, which represents a compliance gap. No incident response or vulnerability disclosure information is provided. The WHOIS data is transparent and consistent with the business identity, supporting legitimacy. Overall, the website is professional, secure to a reasonable extent, and credible, but would benefit from enhanced privacy compliance and security header implementation. Strategic improvements in these areas would strengthen trust and regulatory adherence.

T

Trilby Media LLC

trilby.media

0

Trilby Media LLC is a specialized technology company focused on providing professional services and custom development for the Grav CMS platform. The company is staffed by the original Grav CMS development team, leveraging over 20 years of web development experience. Their market position is strong within the Grav CMS ecosystem, offering consulting, development, migration, managed hosting, and service level agreements to businesses and developers seeking high-quality Grav solutions. The website reflects a professional and consistent brand image targeting a technical audience familiar with Grav CMS. Technically, the website is built on the Grav CMS platform and hosted behind Cloudflare, utilizing modern web technologies including Fork Awesome icons, Google Analytics, Microsoft Clarity, and Cloudflare's Turnstile captcha for spam prevention. The site is well-optimized for performance, mobile responsiveness, and SEO, with a clean and accessible design. However, some security best practices such as DNSSEC and security headers are not fully implemented. From a security perspective, the site uses HTTPS and includes anti-spam measures on its contact form. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of explicit privacy, cookie, security, and incident response policies represents a compliance gap, especially regarding GDPR and data protection transparency. The WHOIS data is consistent with the business identity, showing a legitimate registration with no privacy protection, enhancing trust. Overall, the website presents a low-risk profile with strong business credibility and technical maturity but would benefit from enhanced privacy and security policy disclosures to improve compliance and user trust.

C

Citizenconnect.us

citizenconnect.us

0

Citizen Connect is a small non-profit platform focused on nonpartisan civic engagement and political healing in the United States. It aggregates resources, events, and educational content from over 600 organizations to help Americans find ways to strengthen democracy. The website is built on a modern WordPress infrastructure with integrations such as Google Analytics and Tag Manager, hosted with GoDaddy and using Cloudflare DNS services. The platform demonstrates good technical maturity with responsive design and clear navigation, though it lacks published privacy and cookie policies, which impacts compliance. Security posture is solid with HTTPS and domain protections, but DNSSEC is not enabled and no explicit incident response or vulnerability disclosure information is provided. Overall, the site is trustworthy and professional but could improve privacy compliance and security transparency.

A

AllSides, Inc.

mismatch.org

0

Mismatch.org is an educational platform operated by AllSides, Inc., focused on fostering civic dialogue and understanding among students and educators across political, racial, geographic, and socio-economic divides. The platform supports teachers in building partnerships to strengthen civic learning through meaningful conversations. The website is positioned as a niche non-profit educational service with a clear target audience of educators and students interested in civic engagement. Technically, the site is built on WordPress using a modern theme, hosted on AWS infrastructure, and employs responsive design with good SEO practices. Security posture is adequate with HTTPS enabled and domain transfer protections, but lacks advanced DNS security (DNSSEC) and visible security headers. Privacy compliance is weak due to absence of privacy and cookie policies on the site. Business credibility is strong, supported by consistent WHOIS data, social media presence, and partner affiliations. Overall, the site is professional and trustworthy but would benefit from enhanced privacy disclosures and security practices.

Wefunder is a well-established equity crowdfunding platform founded in 2011, enabling individuals to invest in startups and small businesses with low minimums. The platform positions itself as a community-driven investment hub backed by notable venture capitalists and angel investors. The website demonstrates a high level of digital maturity, employing modern JavaScript frameworks, analytics tools, and secure payment integrations with Stripe and Plaid. Security posture is strong with HTTPS enforced, CSRF protections, and reputable third-party services, although explicit security policies and vulnerability disclosures are not publicly visible. Privacy compliance is partial due to the absence of visible privacy and cookie policies in the provided content. Overall, the website is professional, trustworthy, and well-optimized for user experience and mobile devices.

C

Cactus

cactus.lu

0

Cactus is a well-established retail supermarket chain based in Luxembourg, offering a broad range of products including fresh food, household goods, and additional services such as restaurants, home delivery, and customer loyalty programs. The website is professionally designed using Drupal 10 and incorporates modern frontend technologies and analytics tools, indicating a mature digital presence. Security posture is moderate with HTTPS usage and anonymized IP tracking in analytics, but lacks explicit security headers and published privacy policies, which are areas for improvement. The absence of WHOIS data reduces domain trustworthiness from a registration perspective, though the website content and branding strongly suggest a legitimate business. Overall, the site provides a good user experience with clear navigation and mobile optimization.

L

Littlepay

littlepay.com

0

Littlepay is a specialized payments infrastructure provider focused on transit and mobility sectors, offering modular systems for contactless open loop fare collection. The company positions itself as a key player in improving payment experiences for transit operators and mobility services. The website reflects a mature business with a professional digital presence, leveraging modern marketing and analytics tools such as HubSpot, Google Tag Manager, and Visual Website Optimizer. The technical infrastructure is built on WordPress, hosted with Amazon-related services, and employs HTTPS with a valid SSL certificate, ensuring secure communications. However, the site lacks explicit privacy and terms of service policies, which are critical for compliance and user trust. Security posture is generally good with domain protections in place, but could be improved by enabling DNSSEC and adding security headers. Overall, the website is professional and trustworthy but would benefit from enhanced transparency on privacy and security policies.

The website hsl.fi represents HSL Helsingin seudun liikenne, the Helsinki Regional Transport Authority responsible for public transportation services in the Helsinki metropolitan area. The domain is registered consistently with the organization's identity and has been active since 2009, aligning with the business history. However, the website content is currently inaccessible due to a Cloudflare Turnstile human verification challenge, preventing direct content analysis. This limits visibility into the site's privacy policies, contact information, and user experience. The technical infrastructure includes Cloudflare as a security and performance provider, indicating a modern approach to web delivery and protection. Security posture is difficult to fully assess due to the blocking, but the use of Cloudflare suggests baseline protections are in place. Overall, the site is legitimate and trustworthy based on WHOIS data and domain age, but the current access restrictions significantly reduce the ability to evaluate content quality, privacy compliance, and security details.

P

Planet Zemlja

planet-zemlja.hr

0

Planet Zemlja is a Croatian non-profit organization dedicated to environmental awareness, personal ecology, and ecological news dissemination. The website serves as a community platform offering news articles, event announcements, photo and video galleries, and educational content related to ecology. The target audience is the general public interested in environmental issues within Croatia. The business model is informational and community-driven without evident commercial transactions. Technically, the site uses a custom PHP-based CMS with jQuery and various plugins for RSS feeds, weather, and media galleries. External integrations include Google Analytics and Facebook SDK for tracking and social media engagement. However, the site lacks HTTPS on its main URLs, which is a significant security concern. Security headers are absent, and no advanced security or privacy compliance mechanisms are evident. Contact information is limited to forms without explicit emails or phone numbers. Overall, the site is functional but requires modernization and security improvements.

H

Hrvatski Crveni križ

hck.hr

0

Hrvatski Crveni križ is a well-established Croatian humanitarian organization with a strong national presence and a comprehensive portfolio of social, health, and crisis response services. The website reflects a mature digital presence with clear navigation, regional contact points, and integrated donation mechanisms. Technically, the site uses modern web technologies including Bootstrap, Google Analytics, and Google Maps API, ensuring a responsive and accessible user experience. Security posture is solid with HTTPS enforced and privacy compliance evident through cookie consent and privacy policies. However, some security headers are missing and no explicit vulnerability disclosure or incident response contacts are published. Overall, the domain registration data aligns well with the organization's identity, supporting high legitimacy and trustworthiness.

L

Liikenne- ja viestintävirasto Traficom

droneinfo.fi

0

Droneinfo.fi is an official Finnish government website operated by the Finnish Transport and Communications Agency Traficom. It serves as a comprehensive informational portal for drone enthusiasts and professionals, providing regulatory guidance, registration services, theory exam information, and updates on drone-related airspace restrictions. The site targets drone operators in Finland, ensuring compliance with EU drone regulations and promoting safe drone usage. The business model is informational and regulatory, supporting government mandates and public service. The website is well-positioned as the authoritative source for drone-related information in Finland.

L

Liikenne- ja viestintävirasto Traficom

kyberturvallisuuskeskus.fi

0

Kyberturvallisuuskeskus, operated by the Finnish Transport and Communications Agency Traficom, is a government cybersecurity center focused on developing and overseeing the operational reliability and security of communication networks and services in Finland. It provides cybersecurity situational awareness, vulnerability disclosures, and guidance to both individuals and organizations. The website is well-maintained, professionally designed, and regularly updated with relevant cybersecurity news and alerts. The organization holds a strong market position as the national authority for cybersecurity under the Finnish government. Technically, the website leverages modern web technologies including React and Apollo GraphQL, with performance optimizations and mobile responsiveness. It uses Matomo for analytics, ensuring privacy compliance with GDPR. The domain is secured with HTTPS and DNSSEC, and the WHOIS data confirms the domain is registered to the official government agency, reinforcing trust and legitimacy. Security posture is robust with no detected vulnerabilities or exposed sensitive data. The site provides comprehensive privacy and cookie policies with user consent mechanisms. However, explicit security headers could be more visible, and a security.txt file for vulnerability reporting is recommended. Overall, the site demonstrates a mature security culture and strong compliance with regulatory requirements. The risk assessment indicates a low risk profile with strong trust indicators. Strategic recommendations include enhancing security header implementation, publishing a security.txt file, and continuous monitoring of third-party scripts. These measures will further strengthen the site's security and trustworthiness.

I

Indiana University

iu.edu

0

Indiana University is a large, established public educational institution in the United States offering over 930 academic programs across nine campuses. The university emphasizes world-class research, global impact, and a comprehensive student experience. The website reflects a mature digital presence with a professional design, clear navigation, and rich content targeting prospective and current students, researchers, and alumni. Technically, the site uses modern web technologies including Rivet UI framework, jQuery, and Google Tag Manager, with good mobile optimization and accessibility features. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though explicit security headers and cookie consent mechanisms are lacking. Overall, the domain registration and website content are consistent and legitimate, supporting a high trust level.

I

Infinit s.r.o.

infinitdarky.cz

0

Infinit s.r.o. operates the website infinitdarky.cz, offering wellness-related e-commerce services including massages, wellness packages, gift vouchers, and private experiences primarily in the Czech Republic. The company targets a general audience interested in wellness and relaxation services, positioning itself as a reputable regional provider with multiple physical locations. The website demonstrates a good level of digital maturity with modern tracking and consent mechanisms, a clear navigation structure, and professional content presentation. Security posture is adequate with HTTPS and cookie consent implemented, though improvements in security headers and WHOIS transparency are recommended. Overall, the site is trustworthy and professionally maintained, supporting a medium-sized business in the hospitality sector.

V

Valtion tieto- ja viestintatekniikkakeskus Valtori

oskari.org

0

Oskari.org is a Finnish government-affiliated open source project providing a flexible web mapping application platform. The platform targets developers and government agencies needing spatial data infrastructure solutions, leveraging modern web technologies like React and Next.js. The website demonstrates a mature technical infrastructure with fast performance, good accessibility, and clear navigation. Security posture is solid with HTTPS enabled and no exposed sensitive data, though improvements are recommended in DNS security and security headers. Privacy compliance is lacking due to absence of privacy and cookie policies. Overall, the site is trustworthy and professional, reflecting its government backing and active community engagement.

T

Trapeze Finland Oy

junalahdot.fi

0

The website junalahdot.fi is an official Finnish transportation information service operated by Trapeze Finland Oy under the Fintraffic brand. It provides real-time train departure and arrival schedules for all passenger train stations in Finland, leveraging live train movement data. The site targets the general public and train passengers, offering a user-friendly interface with search and favorites functionality. The domain registration and WHOIS data are consistent with the business identity and location, indicating legitimacy and stability. Technically, the website uses a modern tech stack including Bootstrap, FontAwesome, OpenLayers, and jQuery, with Matomo analytics for privacy-conscious user tracking. The site is mobile-optimized and designed with good usability and navigation clarity. However, some security best practices such as security headers are not visibly implemented, representing an area for improvement. The site enforces HTTPS and does not expose sensitive data, contributing to a solid security posture. From a security and compliance perspective, the site includes a comprehensive privacy policy consistent with GDPR requirements and a cookie consent mechanism. No explicit incident response or vulnerability disclosure policies are found on the site, which could be enhanced to improve transparency and security readiness. No critical vulnerabilities or suspicious patterns were detected. Overall, junalahdot.fi is a trustworthy, well-maintained public service website with good technical and business credibility. Strategic recommendations include enhancing security headers, publishing incident response and vulnerability disclosure information, and maintaining transparency in data protection practices to further strengthen trust and compliance.

T

The Lawfare Institute

lawfaremedia.org

0

The Lawfare Institute operates a professional, non-profit multimedia platform dedicated to providing in-depth, non-partisan analysis on national security law and policy. The website offers a rich mix of articles, podcasts, videos, and research projects, positioning itself as a trusted source in its niche. Technically, the site is built on the Sitefinity CMS, leveraging modern JavaScript libraries and CDN hosting to ensure fast, responsive, and accessible user experiences. Security posture is strong with HTTPS enforced and sandboxed embedded content, though some security headers could be improved. Privacy compliance is moderate, with a privacy/support page present but no explicit cookie or terms of service pages detected. Overall, the site demonstrates high professionalism and trustworthiness, supported by its affiliation with the Brookings Institution. WHOIS data is unavailable, likely due to privacy protection, but this is consistent with the organization's profile.

G

glammr.us

glammr.us

0

glammr.us operates as a niche Mastodon instance dedicated to individuals interested in galleries, libraries, archives, museums, memory work, and records (GLAMMR). It provides a decentralized, harassment-free social media platform emphasizing inclusivity and community support. The platform encourages diverse content beyond GLAMMR topics, fostering a welcoming environment for all users. The business model relies on community donations via Patreon and Ko-Fi to sustain server operations. Technically, the site is built on the Mastodon platform using modern web technologies including React and ES modules, delivering a moderately performant and mobile-optimized user experience. Security posture is adequate with HTTPS enforced and domain transfer protections in place, though improvements such as enabling DNSSEC and adding security headers are recommended. Privacy compliance is basic, with a privacy policy present but lacking cookie consent mechanisms and GDPR-specific disclosures. Overall, the site demonstrates good business credibility and technical maturity for a small independent social media server.

S

Saturation

saturation.social

0

Saturation.social is a small, invitation-only decentralized social media server powered by Mastodon and a Hometown fork. It targets users who value a social media experience focused on community and trust rather than commercial interests or power dynamics. The platform emphasizes open source technology and a grassroots approach to social networking. Technically, the site uses modern web technologies including React-based components and serves content over HTTPS with good SSL configuration. However, it lacks some security headers and formal security policies. Privacy compliance is basic with a privacy policy present but no cookie consent or GDPR-specific indicators. The site does not engage in advertising or tracking, enhancing user privacy. Overall, the platform is a niche community with moderate technical maturity and a good security posture but could improve in privacy compliance and formal security documentation.

T

tech.lgbt Moderators

tech.lgbt

0

tech.lgbt operates as a niche Mastodon instance providing a federated social networking platform primarily for LGBTQIA+ individuals and allies interested in technology and academic topics. The platform fosters community engagement through posts, hashtags, and news aggregation from across the fediverse, positioning itself as a trusted space for marginalized identities within the tech sector. The website's content and user base reflect a focused community with approximately 2.7K active users, indicating a small but engaged audience. The business model centers on community-driven social networking without commercial advertising or tracking, emphasizing privacy and inclusivity. From a technical perspective, the site leverages modern web technologies including React and JavaScript ES modules, hosted on DigitalOcean with domain registration via NameCheap. The platform runs Mastodon version 4.4.0-alpha.5+glitch, indicating active maintenance and use of open-source social networking software. The website demonstrates good mobile optimization and basic accessibility features, though SEO and performance optimizations are moderate. The absence of cookie consent mechanisms and some security headers suggests areas for improvement in compliance and security hardening. Security posture is solid with HTTPS enforced and no exposed sensitive data detected. However, the lack of DNSSEC and security headers such as CSP or HSTS represents potential vulnerabilities. The WHOIS data shows privacy protection for the domain registrant, which is justified given the community nature of the platform. No incident response or vulnerability disclosure policies are publicly available, which could be enhanced to improve trust and security readiness. Overall, tech.lgbt presents a professional, trustworthy, and community-focused platform with a strong emphasis on privacy and inclusivity. Strategic recommendations include enabling DNSSEC, implementing comprehensive security headers, adding cookie consent and vulnerability disclosure policies, and providing clearer contact information for security incidents. These steps would enhance compliance, security posture, and user trust, supporting sustainable growth and resilience in the federated social networking space.

W

Wiener Städtische Versicherungsverein

airt.at

0

The website www.airt.at represents the cultural exhibition series "Architektur im Ringturm" managed by the Wiener Städtische Versicherungsverein, part of the Vienna Insurance Group. It serves as a platform to showcase architectural and cultural exhibitions primarily focused on Central and Eastern Europe. The site offers detailed information about current and past exhibitions, architecture talks, and historical context of the Ringturm building. It targets architecture and culture enthusiasts and operates as a free-entry exhibition series supported by sponsorships. Technically, the site is built on WordPress with modern plugins and libraries, including multilingual support and spam protection via Google reCAPTCHA. The website demonstrates good digital maturity with responsive design, SEO optimization, and accessibility considerations. Security posture is solid with HTTPS enforced and spam prevention on forms, though some security headers could be improved. Privacy compliance is strong, featuring a comprehensive privacy policy, cookie consent banner with opt-in, and GDPR-aligned data collection practices. Overall, the site is professional, trustworthy, and well-maintained, reflecting the reputable parent organization. No critical security or compliance issues were detected.

J

Jarrett & Lam

jandl.digital

0

J&L Digital is a UK-based IT services and software development company founded in 2023, offering a broad range of digital solutions including website development, software systems, IT services, app development, and VoIP telephone systems. The company targets businesses seeking tailored IT and digital solutions and operates with a professional and consistent brand presence. Their market position is that of a small but globally oriented technology service provider with regional offices in Europe, Asia, and Australia. Technically, the website employs modern web standards with HTML5, CSS3, and JavaScript, integrating Matomo and Google Tag Manager for analytics. Hosting and DNS services leverage Cloudflare and IONOS SE, ensuring good performance and security. The site is mobile optimized and SEO friendly, with a cookie consent mechanism that supports GDPR compliance. From a security perspective, the website uses HTTPS with a strong SSL configuration and displays a Cyber Essentials certification badge, indicating adherence to recognized UK security standards. However, DNSSEC is not enabled, and no explicit security policy or incident response contact information is published. The domain registration is privacy protected but consistent with the business's UK location and recent founding date, supporting legitimacy. Overall, the website is professional, secure, and compliant with privacy regulations, with minor recommendations to enhance DNS security and publish security policies. The risk level is low, and the company demonstrates a solid foundation for trust and digital maturity.

F

Fiva Events

fivaevents.com

0

Fiva Events operates as a niche platform dedicated to classic and historic vehicle events, providing event listings and application forms primarily for enthusiasts and organizers within this specialized community. The website presents a professional and consistent brand image with a focus on user-friendly event search and application functionalities. Technically, the site leverages modern frontend technologies such as Alpine.js and Laravel Livewire, ensuring a responsive and interactive user experience. The presence of HTTPS and reCAPTCHA integration indicates a baseline commitment to security, although the absence of comprehensive security headers and privacy policies suggests room for improvement in compliance and protection measures. The lack of publicly available WHOIS data raises questions about domain registration transparency, which could impact trustworthiness. Overall, the site is functional and well-designed but would benefit from enhanced privacy compliance and clearer business contact information to strengthen credibility and user trust.

I

Istarska županija

istra-istria.hr

0

The website www.istra-istria.hr serves as the official online presence of the Region of Istria, a Croatian regional government entity. It provides comprehensive information about the region's governance, geography, culture, economy, and contact details. The site targets residents, tourists, and stakeholders interested in regional affairs. The business model is focused on public administration and information dissemination, positioning itself as a trusted government resource with certifications such as ISO 9001 and membership in the Assembly of European Regions. Technically, the site is built on Django CMS and leverages modern web technologies including jQuery, Google Analytics, and Slider Revolution. It demonstrates good mobile optimization, accessibility, and SEO practices. Hosting and domain registration are consistent with a Croatian government entity, registered with CARNET since 2001. From a security perspective, the site enforces HTTPS and implements a cookie consent mechanism, but lacks published security policies, incident response information, and security headers. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic, with no dedicated privacy policy page but a functional cookie banner and settings modal. Overall, the website is professional, trustworthy, and safe for general audiences. Strategic improvements include publishing a privacy policy, security policy, and incident response details, enhancing security headers, and adding a security.txt file to improve transparency and security posture.

V

Valamar

valamar.com

0

Valamar is a prominent hospitality company operating holiday hotels and resorts primarily in Croatia and Austria. Their website showcases a wide range of properties catering to diverse holiday types including family, premium, lifestyle, camping, and wellness. The company targets tourists seeking quality accommodation and holiday experiences in popular destinations such as Dubrovnik, Makarska, Hvar, and others. The website is built using modern technologies like SvelteKit and integrates advanced marketing and analytics tools, reflecting a mature digital infrastructure. Security posture is strong with HTTPS, security headers, and consent management implemented, though explicit security policies and incident response details are not publicly available. The absence of WHOIS registration data is a concern but does not detract significantly from the overall professionalism and trustworthiness of the site. Strategic recommendations include publishing detailed security and incident response policies and establishing a vulnerability disclosure program to enhance transparency and trust.

P

Plava Laguna

plavalaguna.com

0

Plava Laguna is a hospitality company specializing in providing accommodation services including hotels, villas, and apartments primarily in the Istria region of Croatia, focusing on destinations such as Porec and Umag. The company targets tourists seeking quality lodging options in this popular travel area. The website demonstrates a solid digital presence with a modern technical infrastructure built on Next.js and React, integrating advanced analytics and marketing tools such as Google Tag Manager and Cookiebot for privacy compliance. Security posture is strong with HTTPS enforcement and appropriate security headers, although explicit security policies and incident response information are not publicly available. The website is well-optimized for SEO and mobile devices, providing a good user experience. However, the WHOIS data is missing or inaccessible, which raises some concerns about domain registration transparency. Overall, the site appears professional and trustworthy, with room for improvement in publishing security and compliance documentation.

IRTA d.o.o. is a medium-sized regional tourism development agency based in Istria, Croatia, established in 2004. The company manages official tourism portals, contact and sales centers, and develops cultural and outdoor tourism products to promote the Istrian region. Their market position is strong within the regional tourism sector, serving tourists and local businesses with comprehensive information and services. Technically, the website uses a custom CMS with modern JavaScript libraries and Google services, but lacks HTTPS which is a significant security gap. The privacy policy is comprehensive and GDPR compliant, with a named data protection officer, reflecting good privacy awareness. However, the absence of HTTPS and security headers lowers the security posture. Overall, the site is professional and trustworthy but requires security improvements to align with best practices.

A

Aminess d.d.

aminess.com

0

Aminess d.d. operates a professional hospitality website offering hotels, resorts, campsites, and holiday homes primarily located along the Croatian Adriatic coast. The company targets tourists seeking quality accommodation and leisure experiences, supported by a loyalty program and themed holiday types. The website is built on modern JavaScript frameworks (Nuxt.js and Vue.js) and integrates analytics and advertising tools such as Google Tag Manager and Bing Ads. It demonstrates good digital maturity with responsive design, SEO optimization, and accessibility features. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities, though the absence of a published security policy and incident response information is noted. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. The lack of WHOIS data for the domain is a concern but does not detract significantly from the overall legitimacy given the professional presentation and contact transparency. Strategic recommendations include publishing security and incident response policies and considering a vulnerability disclosure program to enhance trust.

The website zhuk.cc is a personal blog primarily focused on technology topics, especially Joomla extensions, Oracle, Java, and various hobbies. It serves a niche audience of developers and technology enthusiasts interested in Joomla components and related software. The site offers technical articles, extension releases, and community forums, positioning itself as a resource hub for Joomla users. The business model revolves around content publishing and software extension distribution, with demonstration sites and forums supporting user engagement. Technically, the site is built on WordPress 6.8.1 using the Total theme and incorporates multiple JavaScript libraries such as jQuery, Owl Carousel, and Font Awesome. The platform is moderately optimized for performance and mobile use, with basic SEO and accessibility features. The site is fully accessible over HTTPS, indicating good SSL configuration, but lacks advanced security headers and privacy compliance mechanisms. From a security perspective, the site shows a moderate security posture with HTTPS enabled and no exposed sensitive data. However, it lacks explicit security headers, privacy and cookie policies, and incident response contacts, which are important for compliance and trust. No WAF or blocking mechanisms are detected, and the site content is safe for general audiences with no adult or questionable material. Overall, the site is a well-maintained personal technology blog with good content quality and business credibility but has room for improvement in privacy compliance and security best practices. Strategic recommendations include implementing privacy and cookie policies, adding security headers, and providing clear contact information for security incidents to enhance trust and compliance.

E

European Mathematical Society - EMS - Publishing House GmbH

ems-ph.org

0

EMS Press is the official publishing house of the European Mathematical Society, specializing in high-quality academic publishing in mathematics. It offers a portfolio of peer-reviewed journals and books, focusing on open access and sustainable publishing models. The website reflects a mature digital presence with modern technologies such as React and Next.js, ensuring fast performance and excellent mobile optimization. Security posture is solid with HTTPS and domain transfer protections, though DNSSEC and explicit security policies could be improved. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, EMS Press presents a trustworthy and professional platform serving the academic mathematics community.

A

American Mathematical Society

ams.org

0

The American Mathematical Society (AMS) is a well-established non-profit organization dedicated to advancing mathematical research, education, and professional development. The website serves as a comprehensive portal for AMS's diverse offerings including publications, memberships, conferences, grants, and advocacy efforts. The AMS holds a strong market position as a leading mathematical society with a global reach and a history dating back to 1888. The site targets mathematicians, educators, students, and professionals, providing valuable resources and community engagement opportunities. Technically, the website employs modern web technologies such as Bootstrap 5, jQuery, MathJax, and integrates multiple analytics and tracking tools including Google Analytics, Hotjar, and Microsoft Clarity. The site is mobile-optimized, accessible, and demonstrates good SEO practices. Security posture is strong with HTTPS enforced and no visible vulnerabilities, although explicit security headers could be improved. Privacy compliance is robust with clear privacy and cookie policies and consent mechanisms in place. Overall, the AMS website reflects a mature digital infrastructure supporting a reputable organization. The lack of WHOIS data is mitigated by consistent branding, comprehensive contact information, and domain name alignment. The security and privacy practices align well with expectations for a large non-profit educational entity. Strategic recommendations include enhancing security headers, publishing a dedicated security policy and incident response contacts, and ongoing monitoring of third-party scripts to maintain security integrity.

P

PWN

pwn.nl

0

PWN is a well-established regional utility company based in the Netherlands, specializing in sustainable drinking water supply and nature management in the Noord-Holland region. The website reflects a professional and consistent brand presence, targeting residents and businesses in the area with services such as water supply and water meter reading. The digital infrastructure leverages modern web technologies including Angular, Cookiebot for consent management, and analytics platforms like Piwik PRO and Google Tag Manager, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enforced and cookie consent mechanisms in place; however, the absence of explicit security headers and published security policies suggests room for improvement. Privacy compliance is partially addressed through cookie consent but lacks a visible privacy policy and terms of service, which are critical for full GDPR compliance. Overall, the website is trustworthy and safe for general audiences, with no adult or questionable content detected.

C

Centrum Wiskunde & Informatica (CWI)

cwi.nl

0

Centrum Wiskunde & Informatica (CWI) is the national research institute for mathematics and computer science in the Netherlands. It conducts pioneering fundamental research in key areas such as algorithms, data and intelligent systems, cryptography and security, and quantum computing. The institute collaborates closely with Dutch universities and industry partners, providing education and knowledge transfer through semester programmes and joint research initiatives. CWI is positioned as a leading academic and research entity within the Dutch and international scientific community. The website infrastructure is modern and professionally implemented, utilizing JavaScript, CSS, MathJax for mathematical rendering, and Piwik/Matomo for analytics. The site is mobile-optimized, accessible, and SEO-friendly, with clear navigation and consistent branding. Privacy and cookie policies are present with consent mechanisms, reflecting good compliance with GDPR requirements. However, explicit security policies and incident response information are not published. Security posture is strong with HTTPS enforced and no visible vulnerabilities or exposed sensitive data. The site could improve by adding security headers and publishing a vulnerability disclosure or security.txt file. WHOIS data confirms the legitimacy of the domain, matching the institutional identity and country. Overall, the website is trustworthy, professional, and serves its academic audience effectively.

F

Foundation Compositio Mathematica

compositio.nl

0

Compositio Mathematica is a well-established academic journal specializing in pure mathematics, owned by the Foundation Compositio Mathematica. The website serves as a portal for publishing research papers, supporting open access journals, and sponsoring mathematical activities. The target audience primarily consists of academic researchers and mathematicians. The business model revolves around academic publishing with revenues reinvested into the mathematical community. Technically, the site uses modern web technologies including React and Ant Design, hosted by Hostnet B.V., with moderate performance and good mobile optimization. Security posture is solid with HTTPS and DNSSEC enabled, though improvements can be made by adding security headers and cookie consent mechanisms. Overall, the website is professional, trustworthy, and content-rich, with no signs of malicious activity or compliance violations.

The website liesen.lu is an official educational platform managed by SCRIPT, a Luxembourg government entity focused on reading initiatives in primary schools. It serves as an information hub providing catalogs, reading projects, pedagogical materials, and related educational content targeted at educators and schools in Luxembourg. The site is well-branded with government logos and maintains a consistent educational focus. Technically, the site is built on Drupal 9 CMS, leveraging modern frontend libraries such as Font Awesome and jQuery. It employs tarteaucitron.js for cookie consent management and uses Matomo for privacy-conscious analytics. The hosting appears to be managed by Restena Foundation, a known Luxembourg educational network provider. The site is mobile-optimized, accessible, and SEO-friendly, though performance is moderate. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, but lacks visible security headers and explicit public security policies. No vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns well with the website's government and educational nature, indicating legitimacy and trustworthiness. Overall, the site presents a low-risk profile with good privacy compliance and business credibility. Strategic improvements could include adding explicit security headers, publishing security policies, and enhancing incident response transparency.

S

Service national de la jeunesse

snj.lu

0

The Service national de la jeunesse (SNJ) is a Luxembourg government entity dedicated to youth development and support. It operates multiple youth centers and programs aimed at fostering responsible citizenship and active participation among young people. The website reflects a well-established governmental service with a clear mission and target audience of youth and youth sector actors. The digital infrastructure is based on WordPress with modern compliance features such as GDPR cookie consent and Matomo analytics hosted locally, indicating a mature digital presence. Security posture is good with HTTPS and privacy mechanisms, though some security headers and formal policies could be improved. The absence of WHOIS data limits domain trust assessment, but the official branding and contact information support legitimacy. Overall, the site is professional, trustworthy, and well-aligned with its public service role.

S

Service de médiation scolaire

mediationscolaire.lu

0

The website mediationscolaire.lu represents the official Service de médiation scolaire, a government entity in Luxembourg dedicated to supporting parents, students, and school personnel in resolving conflicts within the educational system. The service operates independently within the Ministry of National Education and targets the Luxembourg community with mediation services related to primary and secondary education. The site is professionally designed with clear navigation, multilingual support, and accessibility features, reflecting a strong commitment to user experience and inclusivity. Technically, the website is built on WordPress 6.7.1, utilizing Bootstrap for responsive design, jQuery, and Matomo for analytics. It employs GDPR-compliant cookie consent mechanisms and demonstrates good mobile optimization and SEO practices. The hosting provider is not explicitly identified, but the site uses HTTPS with excellent SSL configuration, ensuring secure data transmission. From a security perspective, the site enforces HTTPS and cookie consent but lacks explicit security headers and a published security or incident response policy. No vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns with the website's government affiliation and Luxembourg location, supporting the site's legitimacy. Overall, mediationscolaire.lu is a trustworthy, well-maintained government service website with strong privacy compliance and good technical implementation. Strategic improvements include adding security headers, publishing a security policy, and providing incident response contact information to enhance security posture and user trust.