Security Directory

A

Administration du Cadastre et de la Topographie (ACT)

geoportal.lu

0

The Geoportal of the Grand-Duchy of Luxembourg is an official governmental platform providing comprehensive geospatial data, maps, and related services to individuals, professionals, and developers. It serves as the national authoritative source for geodata across multiple sectors including environment, energy, tourism, spatial planning, and agriculture. The platform offers a variety of applications and catalogues, supporting both public and professional users with tools such as 3D printing exports, coordinate conversion, and route planning. The website is well-branded, consistent, and targets a broad audience with multilingual support. Technically, the site employs modern web technologies including jQuery, Modernizr, and SVG icons, and integrates Piwik (Matomo) for analytics. It is mobile-optimized and accessible, with good SEO practices. The site uses HTTPS with strong SSL configuration, although explicit security headers are not detected. Some services require strong authentication, indicating attention to security for sensitive operations. Security posture is solid with no visible vulnerabilities or exposed sensitive data, but the absence of a published security policy or vulnerability disclosure limits transparency. Privacy compliance is partial; while terms and conditions and a privacy policy page exist, no cookie consent mechanism is evident. Contact information is limited to a contact form with no direct emails or phone numbers visible. Overall, the site is trustworthy, professionally maintained, and aligned with its governmental role. Strategic improvements in security transparency and privacy compliance would enhance its posture further.

T

The national geoportal of the Grand-Duchy of Luxembourg

g-o.lu

0

The Geoportal of the Grand-Duchy of Luxembourg is an official government platform providing comprehensive geospatial data, maps, and related applications to individuals, professionals, and developers. It serves as the national reference for governmental geodata and services, offering a wide range of thematic maps and tools such as 3D printing, route planning, and data catalogues. The platform is well-branded with government logos and maintains a consistent professional appearance. Technically, the site uses established JavaScript libraries like jQuery and Modernizr, and employs Piwik (Matomo) for analytics, indicating moderate digital maturity. Mobile optimization and accessibility are well addressed, enhancing user experience across devices. Security posture is adequate with HTTPS usage implied, but lacks explicit security headers and cookie consent mechanisms, which are areas for improvement. The absence of WHOIS data limits domain trust assessment, though the official government affiliation and consistent branding support legitimacy. Overall, the site is a reliable and professional government resource with room for enhanced privacy and security compliance.

S

Système d'Information Géographique de la Grande Région

sig-gr.eu

0

The website www.sig-gr.eu represents the Système d'Information Géographique de la Grande Région, a government-backed geographic information system service focused on the Greater Region, including France and Luxembourg. It provides thematic maps, interactive geoportals, metadata catalogs, and open data to support regional planning and cooperation. The site is professionally designed, multilingual, and offers comprehensive content relevant to its target audience of public institutions, researchers, and regional partners. Technically, it is built on Adobe Experience Manager CMS and uses Adobe DTM for analytics, with a responsive design and good accessibility features. Security posture is moderate with HTTPS enforced and cookie consent implemented, though explicit security headers and policies are not evident. Privacy compliance is strong with clear privacy and cookie policies aligned with GDPR. Overall, the site is trustworthy and legitimate, though WHOIS data is unavailable due to EURid privacy restrictions. Strategic recommendations include enhancing security headers, publishing incident response contacts, and adding vulnerability disclosure information.

Marcus Hutchins' website serves as a personal brand platform highlighting his expertise as a cybersecurity specialist, speaker, and ex-hacker known for stopping the global WannaCry ransomware attack. The site targets cybersecurity professionals and enthusiasts, offering services such as public speaking, research, and educational content. The business model revolves around personal branding and content dissemination. Technically, the site employs modern web technologies including HTML5, CSS3, JavaScript, Google Fonts, and Ionicons, hosted behind Cloudflare DNS and CDN services. Analytics are implemented via Google Analytics and Cloudflare Insights, though privacy compliance is limited due to the absence of privacy and cookie policies. Security posture is solid with HTTPS and domain registration protections, but could be enhanced by enabling DNSSEC and adding security headers. Overall, the site is professional, trustworthy, and well-structured, though it lacks some compliance documentation.

I

INSIDE COMMUNICATION

inside-communication.lu

0

INSIDE COMMUNICATION is a communication agency based in Luxembourg focusing on strategies, innovation, and impact. The current website is a placeholder announcing a forthcoming new site and offers a newsletter subscription to keep interested parties informed. The company targets businesses or professionals seeking communication and innovation services. The website's technical infrastructure uses standard web technologies including HTML5, CSS3, JavaScript, and integrates Google Fonts and CreateSend for email marketing. However, the site lacks advanced frameworks or CMS indications and shows basic mobile optimization and accessibility features. Security posture is limited with no visible HTTPS confirmation or security headers, and no privacy or cookie policies are present. The WHOIS data is unavailable due to query rate limits, limiting domain legitimacy verification. Overall, the site is functional but minimal, with room for significant improvements in security, privacy compliance, and content richness.

I

Info-Zenter Demenz

demenz.lu

0

Info-Zenter Demenz is a national information and consultation center in Luxembourg specializing in memory disorders and dementia. The organization provides free services and resources to affected individuals, their families, healthcare professionals, and the general public. The website is professionally designed, well-structured, and offers comprehensive content in French, with multilingual support. It maintains a strong presence through social media and government support, positioning itself as a trusted resource in the healthcare non-profit sector. Technically, the website is built on WordPress with modern technologies including Google Tag Manager, reCAPTCHA, and accessibility tools. It demonstrates good mobile optimization, SEO practices, and performance. The hosting and domain registration appear professional and consistent with the organization's profile. From a security perspective, the site uses HTTPS, has implemented cookie consent mechanisms, and employs reCAPTCHA to protect forms. While explicit security policies and incident response contacts are not found, no vulnerabilities or suspicious activities are detected. Privacy compliance is well addressed with clear policies and consent management. Overall, the website presents a low-risk profile with strong business credibility and technical maturity. Strategic recommendations include enhancing security headers, publishing a formal security policy, and maintaining regular audits of third-party scripts to further strengthen security posture.

C

CovenantIQ

archwaysoftware.com

0

CovenantIQ is a specialized SaaS provider focused on scaling middle-market lending through intelligent covenant analysis. Their platform leverages AI to automate and normalize borrower financial data, enabling banks and private credit funds to monitor loan covenants efficiently and mitigate risk. The company targets financial institutions such as banks, private credit funds, and private equity sponsors, positioning itself as a niche innovator in lending analytics. Technically, the website is built on Webflow CMS with integrations including HubSpot for marketing and analytics, Google Tag Manager, and modern web fonts. The site is performant, mobile-optimized, and professionally designed, though some accessibility features could be improved. Security posture is solid with HTTPS enforced and no exposed sensitive data, but lacks some recommended security headers and explicit security or incident response policies. WHOIS data is unavailable due to privacy protection, which is common and justified for this business type, though it slightly reduces transparency. Overall, the website is trustworthy and professional with moderate risk, suitable for its finance technology market niche.

M

Mahalo Technologies, Inc.

mahalobanking.com

0

Mahalo Technologies, Inc. operates a specialized digital banking platform tailored for credit unions, focusing on enhancing member digital experiences through secure, integrated, and customizable solutions. The company positions itself as a niche provider in the financial technology sector, emphasizing security features such as Credential Assurance Technology and deep core integration. The website is professionally designed, leveraging modern technologies and HubSpot CMS, providing a seamless user experience with clear navigation and mobile optimization. Privacy and cookie policies are implemented with consent mechanisms, reflecting good privacy compliance. However, the absence of WHOIS data for the domain raises concerns about domain registration transparency, which slightly impacts overall trustworthiness. Security posture is solid with HTTPS and no exposed sensitive data, but could be improved by adding security headers and incident response information. Overall, the website reflects a credible and professional business with room for enhanced security and compliance disclosures.

Z

Zinnia Health

zinniahealth.com

0

Zinnia Health is a healthcare provider focused on delivering accessible and integrated care across multiple locations in the United States. The company positions itself as addressing unmet patient demand with a modern healthcare delivery model. The website reflects a medium-sized healthcare business founded in 2018, with clear contact information and a professional online presence. Technically, the site is built on modern web technologies including React and Next.js, with Cloudflare DNS and integration of analytics and tracking tools such as Microsoft Clarity and Google Tag Manager. Security posture is generally good with HTTPS enabled and domain status protections, though DNSSEC is not enabled and security headers are not evident. Privacy compliance is limited as no privacy or cookie policies were detected in the provided content. Overall, the site is professional and trustworthy but could improve transparency and compliance documentation.

The website umdpl.info represents a Ukrainian human rights non-profit association named Асоціація УМДПЛ, also branded as “ФРІРАЙТС”. It focuses on digital rights, penitentiary oversight, legal education, criminal justice, and activist protection. The organization targets activists, government bodies, and the general Ukrainian public, providing educational resources, reports, and special projects. The domain is well-established since 2008, supporting the organization's credibility and longevity. Technically, the site runs on an outdated WordPress 4.4.2 CMS with older jQuery libraries, which introduces security risks. The site uses Google Analytics and Facebook SDK for tracking and social media integration. Mobile optimization and accessibility are basic, with moderate performance. No advanced SEO or modern frameworks are detected. Security posture is moderate but with notable gaps: HTTPS is enabled, but no DNSSEC, no security headers, and no cookie consent mechanisms are present. The outdated CMS and libraries increase vulnerability exposure. No explicit privacy or cookie policies were found, indicating compliance gaps with GDPR and related regulations. Overall, the site is functional and credible for its non-profit mission but requires technical and security modernization. Strategic improvements in security headers, CMS updates, privacy compliance, and user experience would enhance trust and reduce risk.

Л

Лабораторія цифрової безпеки

dslua.org

0

Лабораторія цифрової безпеки is a Ukrainian non-profit organization specializing in digital security and the protection of digital rights. The organization supports journalists, human rights defenders, and civil activists in Ukraine by providing expertise in digital security and advocating for human rights in the digital environment through policy influence. The website is professionally designed using WordPress and Elementor, with a clear focus on content relevant to its target audience. Social media integration is strong, enhancing outreach and engagement. Technically, the website employs modern web technologies including WordPress CMS, Elementor page builder, and Cloudflare DNS services. HTTPS is properly configured, ensuring secure communications. However, DNSSEC is not enabled, and security headers are absent, indicating room for improvement in security hardening. The site performs moderately well with good mobile optimization and basic accessibility features. From a security perspective, the site demonstrates a reasonable posture with HTTPS and domain registration protections in place. The absence of privacy and cookie policies, security headers, and explicit contact information for security incidents or data protection officers represents compliance gaps. No vulnerabilities or suspicious patterns were detected in the WHOIS data or site content. Overall, the site is trustworthy but would benefit from enhanced transparency and security practices. The risk assessment is moderate with recommendations to implement DNSSEC, security headers, privacy and cookie policies with consent mechanisms, and publish incident response contacts. These steps would improve compliance with GDPR and other data protection regulations, strengthen security posture, and enhance user trust.

E

European Prison Litigation Network

prisonlitigation.org

0

The European Prison Litigation Network (EPLN) is a specialized non-profit organization dedicated to defending and advancing prisoners’ fundamental rights across Europe. It operates as a network of around 30 civil society organizations and bar associations, focusing on legal advocacy, research, and policy engagement to improve prison conditions and reduce incarceration. The website reflects a professional and well-structured digital presence, supporting multiple languages and providing comprehensive legal resources and publications. Technically, the site is built on WordPress with modern JavaScript libraries and includes GDPR-compliant cookie consent mechanisms. Security posture is generally strong with HTTPS enforced and no visible vulnerabilities, though the absence of explicit security headers and WHOIS transparency are minor concerns. Overall, EPLN presents a credible and trustworthy online presence aligned with its advocacy mission.

I

International Partnership for Human Rights (IPHR)

iphronline.org

0

International Partnership for Human Rights (IPHR) is a Brussels-based independent NGO founded in 2008, focusing on human rights advocacy and support in Central Asia, Eastern Europe, and the South Caucasus. The organization empowers local civil society groups, conducts research and reporting on human rights violations, and engages in advocacy with international institutions. Their website reflects a mature digital presence with comprehensive content, clear navigation, and consistent branding. Technically, the site is built on WordPress, hosted on SiteGround, and uses modern SEO and GDPR compliance tools. Security posture is good with HTTPS and domain transfer protections, though DNSSEC is not enabled and some security headers appear missing. No direct contact emails or phone numbers are publicly listed, relying on contact forms and social media channels. Overall, the site is professional, trustworthy, and safe for general audiences.

D

demch.co

zbir.win

0

The analyzed website is a Google Forms page hosted on docs.google.com, designed to facilitate the creation of fundraising pages for non-profit organizations and volunteers, primarily targeting Ukrainian users. The service is provided by demch.co, a small company specializing in web solutions for non-profits since 2013. The form collects essential data such as nickname, page title, payment details, social media contacts, and email for notifications. The platform leverages Google's secure and scalable infrastructure, ensuring reliable hosting and HTTPS encryption. The website demonstrates good technical maturity with fast performance, mobile optimization, and accessibility features. Security posture is strong due to Google's platform protections, though explicit cookie consent and incident response information are not present on the form page. Overall, the site is trustworthy, professional, and serves a clear niche in the non-profit fundraising sector.

3

33-тя окрема механізована бригада

33ombr.com

0

The website represents the official online presence of the 33rd Separate Mechanized Brigade of the Ukrainian Armed Forces. It provides comprehensive information about the brigade's history, structure, equipment, and recruitment opportunities, targeting Ukrainian citizens and supporters. The site is professionally designed with consistent branding and clear navigation, supporting its role as a trusted military information portal. Technically, it is built on WordPress with modern plugins and libraries, ensuring good performance and SEO optimization. Security posture is solid with HTTPS and domain transfer protections, though DNSSEC is not enabled and explicit security policies are absent. Privacy compliance is basic, lacking cookie consent mechanisms. Overall, the site is legitimate, trustworthy, and serves its informational and recruitment purposes effectively.

H

Hromadske Radio

hromadske.radio

0

Hromadske Radio is an independent Ukrainian radio station providing unbiased news, podcasts, and multimedia content focused on Ukraine and global events. The website serves as a digital platform for live broadcasts, podcasts, news articles, and videos, targeting a general audience interested in current affairs and cultural topics. The business operates in the media sector with a medium-sized footprint and was founded in 2017. The domain registration aligns well with the organization's identity and location in Ukraine. Technically, the website uses modern web technologies including Next.js and React, hosted with Cloudflare DNS services. It integrates multiple analytics and tracking tools such as Gemius, Microsoft Clarity, and Google Tag Manager, indicating a mature digital infrastructure. The site is mobile-optimized and offers good user experience and navigation clarity. From a security perspective, the site uses HTTPS with a good SSL configuration but lacks DNSSEC and explicit security headers. There are no visible security or incident response policies published, and privacy compliance is weak due to the absence of privacy and cookie policies or consent mechanisms. Contact information is limited to phone numbers, with no email or contact forms detected. Overall, the website is professional and trustworthy with high business credibility but has room for improvement in privacy compliance and security policy transparency. Strategic recommendations include implementing privacy and cookie policies with consent, enhancing security headers, and publishing incident response contacts to strengthen user trust and regulatory compliance.

П

Принцип

pryncyp.com

0

The website www.pryncyp.org represents a Ukrainian non-profit legal advocacy center named "Принцип" focused on supporting military personnel and veterans through legal aid, policy advocacy, and educational initiatives. Founded in 2023 by Masі Nayem and Liubov Galan, the organization provides pro bono legal consultations, conducts analytical research, and promotes veteran policies. The site is professionally designed using WordPress CMS with multilingual support and integrates common web technologies such as jQuery, Swiper, and Select2. It leverages Google Analytics for user tracking and includes donation mechanisms via Patreon and Liqpay. Security posture is solid with HTTPS enforced and no visible sensitive data exposure, though the absence of security headers and explicit privacy/cookie policies indicates room for improvement. WHOIS data is unavailable, limiting domain trust verification, but the website's content, social media presence, and professional branding support its legitimacy. Overall, the site is well-positioned as a trusted resource for its target audience with moderate technical maturity and good user experience.

D

Deutsch-Ukrainische Gesellschaft

deutsch-ukrainische-gesellschaft.de

0

The Deutsch-Ukrainische Gesellschaft (DUG) is a small non-profit organization dedicated to fostering and deepening German-Ukrainian relations across politics, science, culture, and civil society. The organization offers expert dialogues, publications, cultural events, and exchange programs to promote mutual understanding and support Ukraine's integration into European and Euro-Atlantic structures. The website reflects a professional and consistent brand image, targeting stakeholders interested in German-Ukrainian cooperation. Technically, the website is built on WordPress with modern plugins such as Yoast SEO, Contact Form 7, and GDPR Cookie Compliance, ensuring good SEO and privacy compliance. The site uses HTTPS with Google reCAPTCHA for form security and includes a cookie consent mechanism, indicating a mature digital infrastructure. Performance and mobile optimization are good, though some security headers could be improved. From a security perspective, the site demonstrates solid practices including HTTPS enforcement and GDPR compliance. However, no explicit security policy or incident response contacts are published, and security headers are not detected, suggesting room for enhancement. No vulnerabilities or suspicious content were found. Overall, the website is trustworthy, well-maintained, and compliant with privacy regulations, serving its niche audience effectively. Strategic improvements in security headers and transparency around security policies would further strengthen its posture.

L

Lobby X

thelobbyx.com

0

Lobby X is a Ukrainian employment platform and recruiting agency focused on supporting job seekers and employers, with a special emphasis on veterans and military personnel. The company operates a professional website with a clear business model centered on job listings, recruitment services, and career consultations. Their market position is niche but important within Ukraine, supporting progress and victory through employment. Technically, the website is built on WordPress with modern front-end technologies including Bootstrap, jQuery, and Lottie animations, and integrates Google services such as reCAPTCHA and Tag Manager. The site is mobile optimized and SEO friendly, though accessibility is basic. Security posture is adequate with HTTPS and CAPTCHA protections, but lacks DNSSEC and security headers, which are recommended for improvement. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the domain registration is consistent and trustworthy, supporting the legitimacy of the business. Strategic recommendations include enhancing security headers, enabling DNSSEC, and improving privacy compliance to strengthen trust and security.

P

PayFast (Pty) Ltd

paygate.co.za

0

PayFast (Pty) Ltd operates a secure and scalable online payment gateway primarily serving businesses in South Africa. The company offers a comprehensive payment processing platform designed to support merchants with efficient and reliable payment solutions. Their market position is solid within the regional fintech space, leveraging modern web technologies and integrations to provide a seamless user experience. The website reflects a mature digital infrastructure with WordPress CMS, SEO optimization, and multiple analytics and marketing tools integrated. Security posture is good with HTTPS enforced and domain registration consistent with the business identity, though some security headers and policies could be improved. Privacy compliance is evident with clear privacy and cookie policies and GDPR considerations. Overall, the business credibility is high with consistent branding and trust signals such as social media presence and structured data.

DGTL-FUSION's website is minimalistic, offering very limited content beyond a single image and a brief description tagline 'Technology that works'. The company behind the domain is Drivechain (Pty) Ltd, a South African entity established in 2004, indicating a mature business presence. However, the website lacks detailed business information, contact details, or descriptions of services, limiting its effectiveness as a digital presence. The absence of metadata such as Open Graph or structured data further reduces its discoverability and user engagement potential. From a technical perspective, the website does not utilize any detectable modern frameworks, CMS, or analytics tools. The hosting appears to be managed through cpns.host/cpns.zone name servers, but no advanced technical features or security headers are present. Mobile optimization and accessibility are basic, and SEO is poor due to minimal content and lack of meta tags. Security posture is weak, with no evidence of HTTPS enforcement or security headers. The domain WHOIS data is transparent and consistent with the business identity, which supports legitimacy. However, the lack of privacy, cookie, or terms of service policies indicates non-compliance with common data protection standards such as GDPR. No incident response or vulnerability disclosure information is provided. Overall, the website presents a low-risk profile due to minimal content and no suspicious elements but suffers from poor professionalism, lack of user engagement features, and weak security and privacy practices. Strategic improvements in content, security, and compliance are recommended to enhance trust and digital maturity.

A

Error

assegaiandjavelin.com

0

The domain assegaiandjavelin.com is currently not connected to an active website and instead serves a Wix error page indicating the domain is not linked to any Wix site. There is no business content, contact information, or policies available on the site. The domain is registered since 2002 with Diamatrix C.C., indicating a long registration history but no active web presence. The technical infrastructure is based on Wix platform using AngularJS and jQuery libraries, but no advanced SEO, security headers, or privacy compliance mechanisms are present. Security posture is weak due to lack of HTTPS information and security headers. Overall, the site is inactive and provides no business or security assurances.

C

Chambre des Députés

propositions.lu

0

The website propositions.lu is an official government platform managed by the Chambre des Députés of Luxembourg. It serves as a digital interface for citizens to participate in the legislative process by submitting and supporting Propositions Motivées aux Fins de Légiférer (PML). The platform is well-structured, primarily in French, and offers clear guidance and resources for legislative participation. The site targets Luxembourgish voters aged 18 and above, providing a transparent and accessible channel for democratic engagement. Technically, the site is built on a modern Angular framework with a responsive design optimized for mobile devices. It employs standard web technologies including Font Awesome and Bootstrap CSS variables. The site uses HTTPS with strong SSL configuration, but lacks some security headers and a cookie consent mechanism, which are recommended for enhanced security and privacy compliance. Accessibility is addressed but with some noted deficiencies. From a security perspective, the site demonstrates good practices such as encrypted data transmission and no visible vulnerabilities or exposed sensitive data. However, the absence of WHOIS data limits the ability to fully verify domain registration legitimacy. The site includes comprehensive privacy and legal notices, with a clearly identified Data Protection Officer contact. Overall, the platform presents a trustworthy and professional government service with room for minor improvements in security headers and privacy mechanisms. Strategically, the site supports Luxembourg's democratic processes by enabling direct citizen involvement in lawmaking. It is positioned as a key digital government service with high trustworthiness and professional content quality.

C

Chambre des Députés du Grand Duché de Luxembourg

petitions.lu

0

The website www.petitiounen.lu is the official petition platform of the Chambre des Députés of Luxembourg, enabling citizens to submit and sign public and ordinary petitions. It serves as a government civic engagement tool with a clear focus on transparency and public participation. The platform is well-branded with official logos and provides comprehensive information about petitions, legal notices, data protection, and contact details. Technically, it is built on a modern Angular framework with responsive design and integrates visitor analytics for performance monitoring. Security posture is strong with HTTPS enforced and session management features, though explicit security headers could be improved. Privacy compliance is good with a detailed privacy policy and data protection officer information, but lacks a visible cookie consent mechanism. WHOIS data is unavailable due to malformed queries, limiting domain legitimacy verification, but the official nature of the content and branding strongly supports authenticity.

C

Contact Privacy Inc. Customer 0167022659

eth.limo

0

eth.limo is a technology service focused on making decentralized websites accessible, specifically those built with the Ethereum Name Service (ENS). The website positions itself as a niche service provider facilitating effortless access to blockchain-based web content. The company appears to be a small-sized entity founded in 2021, with domain registration protected by privacy services. The site uses modern front-end technology (Framer) and is hosted on AWS infrastructure, indicating a reasonable level of digital maturity. However, the absence of privacy and cookie policies suggests gaps in compliance and transparency. Security posture is moderate with HTTPS enabled and domain transfer protections in place, but DNSSEC is not enabled and no explicit security policies are published. Overall, the website is professional and functional but would benefit from enhanced privacy compliance and security best practices.

T

The Giving Block

thegivingblock.com

0

The Giving Block is a specialized platform empowering nonprofits to accept cryptocurrency, stocks, and donor-advised fund (DAF) donations. Founded in 2018, it has established itself as a leading service provider in the nonprofit crypto donation space, offering secure and compliant donation forms tailored to the needs of nonprofits and their donors. The website reflects a professional and consistent brand image, targeting nonprofits and crypto donors with clear messaging and structured data to enhance search visibility. Technically, the website is built on WordPress using the Divi theme, supplemented by a variety of marketing and analytics tools including HubSpot, Google Analytics, Microsoft Clarity, and Hotjar. The domain is registered with GoDaddy and uses Cloudflare for DNS, indicating a robust hosting and domain management setup. Mobile optimization and SEO practices are good, though accessibility features are basic. From a security perspective, HTTPS is enabled and domain status flags protect against unauthorized changes. However, the site lacks explicit security headers, published security policies, and vulnerability disclosure mechanisms. Privacy compliance is limited due to the absence of visible privacy and cookie policies or consent mechanisms. The extensive use of tracking and marketing scripts suggests a moderate to extensive user tracking level, which should be balanced with stronger privacy disclosures. Overall, the site is credible and professionally managed but would benefit from enhanced privacy and security transparency to improve compliance and user trust. Strategic recommendations include enabling DNSSEC, publishing comprehensive privacy and cookie policies, implementing security headers, and establishing a vulnerability disclosure program.

P

Plaid Inc.

plaid.com

0

Plaid Inc. is a leading fintech company specializing in providing secure and reliable APIs that enable applications to connect with users' financial data. The company operates primarily in the finance and technology sectors, serving developers, fintech firms, and financial institutions. Plaid's market position is strong, supported by its parent company Visa Inc., and it offers key services such as financial data aggregation, account verification, and payment initiation. The website reflects a mature digital infrastructure with modern technologies and excellent performance, optimized for mobile and accessibility. Security posture is robust, with industry-standard certifications like ISO 27001 and SOC 2, and comprehensive security policies are publicly available. Privacy compliance is well addressed, including GDPR adherence and clear cookie consent mechanisms. Overall, Plaid's website demonstrates high professionalism, trustworthiness, and business credibility.

S

Centrum.cz: Fandíme dobrému obsahu

stdout.cz

0

Centrum.cz is a prominent Czech internet portal providing a variety of services including email, current news, weather updates, and search functionalities. It serves a broad Czech audience seeking reliable and timely information. The website leverages modern web technologies such as React and Next.js, ensuring a responsive and user-friendly experience. The presence of multiple reputable news sources and professional design indicates a mature digital presence. Security-wise, the site enforces HTTPS and includes essential security headers, reflecting a good security posture. However, the absence of explicit privacy and cookie policies, as well as contact information, suggests areas for compliance and transparency improvement. Overall, Centrum.cz appears to be a trustworthy and well-established media portal with room to enhance privacy compliance and user trust through clearer policy disclosures.

C

Centrum.cz

xsd.cz

0

Centrum.cz is a well-established Czech internet portal providing a variety of online services including email, news, and weather updates. The website targets Czech-speaking users seeking reliable and diverse content. Technically, the site is built on modern frameworks such as Next.js and React, leveraging multiple third-party analytics and advertising platforms to monetize and analyze user engagement. Security posture is strong with HTTPS enforced and appropriate security headers, although privacy compliance could be improved by publishing clear privacy and cookie policies. The absence of WHOIS data is likely due to privacy protection, which is common for media portals. Overall, the site presents a professional and trustworthy online presence with room for enhancement in privacy transparency and contact accessibility.

K

Kappa Data

kappadata.be

0

Kappa Data is a value-added IT distributor specializing in networking infrastructure, security, and IoT solutions primarily serving business customers in Belgium and surrounding markets. The company offers a broad portfolio of products and services including technical expertise, training, and events. The website is professionally designed, multi-lingual, and optimized for performance and mobile devices, reflecting a mature digital presence. Security posture is solid with HTTPS and no visible vulnerabilities, though the absence of published privacy and cookie policies indicates room for compliance improvement. WHOIS data is restricted, which is common for business privacy but limits transparency. Overall, the site presents a trustworthy and credible business with a good technical foundation.

C

Conostix S.A.

conostix.com

0

Conostix S.A. is a small Luxembourg-based technology company specializing in security and system services, with a focus on security management consultancy, tailored open source software solutions, and customer care. Founded in 2001, the company positions itself as a niche provider for enterprises requiring advanced security expertise. The website content reflects this business focus but is basic in design and technical sophistication. Technically, the website is a simple HTML and CSS implementation with no detected CMS or advanced frameworks. There is no evidence of HTTPS enforcement or security headers, and mobile optimization is poor. The site lacks privacy and cookie policies, contact information, and incident response details, indicating limited digital maturity and compliance readiness. From a security perspective, the domain is well-established with consistent WHOIS data and clientTransferProhibited status, supporting legitimacy. However, the absence of HTTPS and security headers, as well as missing privacy compliance elements, represent vulnerabilities and compliance gaps. No forms or data collection mechanisms were found, reducing immediate data exposure risks. Overall, the website presents a moderate risk profile with room for significant improvements in security posture, privacy compliance, and technical modernization. Strategic recommendations include implementing HTTPS, adding privacy and cookie policies, improving mobile responsiveness, and enhancing security headers and incident response capabilities.

The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven cybersecurity entity serving as the national CERT/CSIRT for Luxembourg's private sector, communes, and non-governmental organizations. CIRCL provides a broad range of cybersecurity services including threat intelligence sharing via the MISP platform, dynamic malware analysis, passive DNS historical data, and document sanitization from untrusted USB devices. The organization maintains a strong market position as a trusted government-affiliated cybersecurity resource with a history dating back to 2008 and operates under the Luxembourg House of Cybersecurity (LHC). The website reflects a professional and authoritative presence with comprehensive security advisories and publications.

CEES HARTMAN is a small Dutch business specializing in website creation, online marketing, photography, and video production services. The company uses WordPress as its platform and collaborates closely with clients to design websites that reflect their branding and needs. The website showcases a portfolio of client projects, indicating a focus on small to medium-sized clients. Technically, the website is built on a modern WordPress stack with Elementor and the Customizr theme, providing a responsive and user-friendly experience. However, the site lacks privacy and cookie policies, and no explicit contact emails or phone numbers are provided, which may affect user trust and compliance. Security posture is moderate with HTTPS enabled but missing important security headers. Overall, the site is professional and safe but could improve in privacy compliance and security best practices.

U

Upbooking

upbooking.lu

0

Upbooking is a Luxembourg-based online platform dedicated to the recycling and exchange of used school books, promoting environmental sustainability and offering incentives such as vouchers for new book purchases. The platform targets students and families within Luxembourg, supported by government initiatives as evidenced by the presence of the Luxembourg government logo. Technically, the website is built on WordPress with a custom theme, uses modern tools like Google Tag Manager and Axeptio for cookie consent, and implements good accessibility features. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though security headers could be improved. Privacy compliance is strong with comprehensive policies and cookie consent mechanisms in place. Overall, the website is professional, trustworthy, and well-aligned with its educational and governmental mission.

Z

ZONER, s.r.o.

zonercloud.com

0

ZonerCloud, operated by ZONER, s.r.o., is a Slovakia-based cloud services provider specializing in high-performance virtual private servers (VPS), managed hosting, email hosting, cloud storage, and AI/GPU server rentals. The company positions itself as a market leader in VPS performance within its region, leveraging partnerships with VMware and Microsoft to deliver reliable and scalable cloud infrastructure solutions. Their offerings target businesses and developers seeking affordable, powerful, and flexible cloud computing resources with rapid deployment times and strong uptime guarantees. Technically, the website demonstrates a mature digital infrastructure using modern web technologies such as Bootstrap, jQuery, and various UI/UX libraries. It integrates analytics and marketing tools including Google Analytics, Google Tag Manager, and Facebook Pixel, alongside a live chat support system. The site is well-optimized for mobile devices, features comprehensive cookie consent mechanisms, and employs HTTPS with a DigiCert SSL certificate, indicating a strong commitment to security and privacy. From a security perspective, while the site enforces HTTPS and uses secure forms with CSRF tokens, it lacks publicly available formal security policies or incident response disclosures. No critical vulnerabilities or exposed sensitive data were detected in the content. The absence of WHOIS registrant data slightly reduces trust but is mitigated by the professional presentation and trust signals such as certifications and partner logos. Overall, ZonerCloud presents a trustworthy and professional cloud service platform with strong business credibility and technical maturity. Strategic improvements in transparency around security policies and incident response, as well as WHOIS data availability, would further enhance trust and compliance posture.

P

Prva sušačka hrvatska gimnazija u Rijeci

pshg.net

0

Prva sušačka hrvatska gimnazija u Rijeci is a Croatian secondary school providing general and specialized education including classical ballet and contemporary dance programs. The institution is well-established with a domain age since 2007 and holds Erasmus accreditation, indicating active participation in European educational programs. The website serves students, parents, and educators with relevant news, schedules, and contact information. Technically, the site uses standard web technologies such as HTML5, CSS3, jQuery, and Font Awesome, hosted under a reputable registrar. The site is moderately optimized for performance and mobile use, with clear navigation and consistent branding. Security posture is moderate; while HTTPS is assumed, no advanced security headers or DNSSEC are implemented, and no cookie consent mechanism is present, which may affect compliance with privacy regulations. Overall, the site is trustworthy and professional but could improve in security and privacy compliance.

Energetska zadruga "Otok Krk" is a small Croatian energy cooperative focused on promoting renewable energy and energy independence on the island of Krk. The cooperative provides consulting, project support, collective purchasing, and education services to local residents and businesses. Their website reflects a community-oriented business model with clear contact information and active social media presence. Technically, the site uses common web technologies such as jQuery, Bootstrap, and Owl Carousel, providing a moderate performance and good mobile optimization. Security posture is moderate with HTTPS usage but lacks explicit security headers and incident response policies. Privacy compliance is basic with privacy and cookie policies present but no consent mechanism. Overall, the website is professional and trustworthy, with a legitimacy score supported by consistent WHOIS data and domain age.

G

Galaksija

galaksija.hr

0

Galaksija.hr is a Croatian online magazine focused on popularizing science across various disciplines including natural sciences, technology, social sciences, ecology, and medicine. The website offers news articles, blogs, multimedia galleries, and videos targeting a general audience interested in science and education. The business model appears to be content publishing supported by advertising and partnerships with related portals. Technically, the site uses a custom CMS with common web technologies such as jQuery, Bootstrap, and Flexslider, and integrates analytics tools like Google Analytics, Histats, and Mixpanel. The site is accessible via HTTPS and includes a login form for registered users, but lacks advanced security headers and explicit GDPR cookie consent mechanisms. No incident response or security contact information is provided, which could be improved to enhance trust and compliance. Overall, the website is professionally designed with good content quality and moderate technical implementation, suitable for its niche media role.

W

Wellcome

wellcome.org

0

Wellcome is a globally recognized charitable foundation dedicated to advancing discovery research in life sciences, health, and wellbeing. The organization focuses on critical global health challenges including mental health, infectious diseases, and climate-related health issues. Their website reflects a mature digital presence with comprehensive content aimed at researchers, policymakers, and the public, supported by a professional design and clear navigation. The foundation operates with a transparent and user-friendly approach to privacy and cookie management, demonstrating compliance with GDPR and related regulations. Technically, the website leverages modern frameworks such as Next.js and React, hosted on AWS infrastructure, and integrates Google Tag Manager for analytics and marketing. The site is optimized for performance and mobile responsiveness, with good accessibility features. Security posture is strong with HTTPS enforcement and domain protections, though DNSSEC is not enabled and explicit security policies are not published. Overall, the security posture is solid with no evident vulnerabilities or exposed sensitive data. The WHOIS data confirms a long-standing domain registration consistent with the organization's history, using privacy protection appropriately. The site maintains a high level of trustworthiness and professionalism, supported by active social media channels and clear business information.

World Nuclear News is a well-established information service operated by the World Nuclear Association, providing authoritative news, features, and analysis on the global nuclear energy sector. The website targets industry professionals, policymakers, and stakeholders, offering a comprehensive range of content including news articles, podcasts, and newsletters. The business model is centered on information dissemination supported by an industry association, positioning itself as a trusted source within the energy sector. Technically, the website employs modern web technologies such as Bootstrap and jQuery, integrates analytics tools including Google Analytics and Microsoft Clarity, and is hosted with Cloudflare DNS services. The site demonstrates good mobile optimization and SEO practices, though some accessibility features could be enhanced. The infrastructure supports a professional and responsive user experience with moderate performance. From a security perspective, the site enforces HTTPS, uses reCAPTCHA for form protection, and maintains domain registration safeguards. However, it lacks advanced security headers and does not publish explicit security policies or incident response contacts. No vulnerabilities or suspicious activities were detected, indicating a solid security posture but with room for improvement in transparency and DNS security. Overall, the website is professional, trustworthy, and compliant with privacy regulations, including GDPR. It provides clear contact information and maintains consistent branding. Strategic recommendations include enabling DNSSEC, implementing security headers, publishing a security policy, and establishing a vulnerability disclosure program to further enhance security and trust.

E

Eko Kvarner

ekokvarner.hr

0

Eko Kvarner is a Croatian non-profit environmental organization focused on promoting sustainable energy, climate change awareness, and ecological protection in the Kvarner region. The website serves as an information hub providing news, activities, projects, and educational resources to local communities and stakeholders interested in environmental issues. The organization appears well-established with a domain registered since 2012 and clear contact information including physical address, phone numbers, and email. The site content is primarily in Croatian and targets regional audiences. Technically, the website uses an older CMS platform called Galaksija and relies on legacy JavaScript libraries such as jQuery and Fancybox. While the site is accessible and contains meaningful content, it loads some external scripts over unsecured HTTP, which introduces mixed content risks. The site lacks modern security headers and advanced privacy or cookie consent mechanisms, indicating room for improvement in security and compliance maturity. Hosting is provided by Totohost, a Croatian hosting provider, and the domain registrar is CARNET, a reputable Croatian academic network. From a security perspective, the site uses HTTPS but does not implement additional security headers or content security policies. No incident response or security policy pages are found, and no vulnerability disclosure or security.txt files are present. The WHOIS data is consistent with the website's business profile and geographic location, supporting legitimacy. No suspicious or malicious indicators were detected. Overall, the website is functional and provides valuable content for its target audience but would benefit from technical modernization, improved security practices, and enhanced privacy compliance to strengthen trust and resilience against threats.

R

RIKA Innovative Ofentechnik GmbH

rika.at

0

RIKA Innovative Ofentechnik GmbH is an Austrian manufacturer specializing in high-quality heating stoves including pellet, wood-burning, and combination ovens. The company emphasizes innovation, Austrian craftsmanship, and customer-centric services such as an online stove configurator and a broad dealer network. Their market position is that of a reputable medium-sized enterprise with international reach, targeting homeowners seeking efficient and modern heating solutions. Technically, the website employs modern JavaScript libraries and asynchronous loading techniques, hosted on DigitalOcean infrastructure, ensuring fast performance and excellent mobile optimization. Security posture is strong with HTTPS, reCAPTCHA, and cookie consent mechanisms, though some security headers and explicit incident response policies are absent. Privacy compliance is well addressed with comprehensive policies and GDPR adherence. Overall, the website is professional, trustworthy, and well-structured, supporting the company's business credibility effectively.

G

Gemeindeamt Markt St. Martin

marktstmartin.at

0

The website marktstmartin.at serves as the official online presence of the Gemeindeamt Markt St. Martin, a municipal government entity in Austria. It provides comprehensive information about the community, including news, events, municipal services, tourism, and contact details. The site targets local residents and visitors, offering a user-friendly platform to access essential community resources and updates. The business model is typical of a government website, focusing on public service and community engagement rather than commercial activities. Technically, the website employs a modern but straightforward technology stack including jQuery, Tether, Bootstrap, and PhotoSwipe for image galleries. The site is mobile responsive and well-structured, with good SEO and accessibility basics. Performance is moderate, and the site uses HTTPS, although explicit security headers are not detected. Google Analytics is included but commented out, indicating a cautious approach to user tracking and privacy. From a security perspective, the site demonstrates a basic but adequate posture. There are no visible vulnerabilities or exposed sensitive data. However, the absence of explicit security policies, incident response contacts, and vulnerability disclosure mechanisms suggests room for improvement. Privacy compliance is addressed with a clear privacy policy and cookie consent mechanism, consistent with GDPR requirements. Overall, the website is trustworthy and professional, reflecting the legitimacy of a local government entity. It effectively balances user experience, content quality, and privacy considerations. Strategic recommendations include enhancing security headers, publishing security policies, and improving accessibility compliance to further strengthen the site's security and compliance posture.

EM-Immobilien is a small real estate company based in Vienna, Austria, specializing in property management and brokerage services. The website serves as a basic informational portal targeting individuals and businesses seeking real estate services locally. The company branding is moderately consistent, with a focus on personal and individual service as indicated by the tagline and logo. The website content is primarily in German and includes references to key services such as property management and real estate brokerage. However, the site lacks comprehensive business contact details and formal privacy or terms of service documentation.

Mic Dorin Bau GmbH is a small, family-run construction company based in Austria, specializing in residential building services including shell construction, facades, outdoor areas, and renovations. With over 10 years of experience, the company targets private homeowners and clients seeking personalized construction solutions. The website reflects a professional and consistent brand image, providing clear contact information and a user-friendly interface. Technically, the site is built using modern frameworks like React and Phenomic, with Google Analytics integrated for visitor tracking and a cookie consent mechanism ensuring GDPR compliance. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though improvements in security headers and incident response disclosures are recommended. Overall, the domain registration data aligns well with the business claims, indicating a legitimate and trustworthy entity.

L

Latin Studio

latinstudio.at

0

Latin Studio is a small local dance studio based in Austria specializing in Latin dance styles. The website is built on the Wix platform and offers information about dance classes and workshops targeting dance enthusiasts. The technical infrastructure is standard for Wix-hosted sites, with moderate performance and basic mobile optimization. Security posture is basic with HTTPS enabled but lacks security headers and formal privacy or cookie policies. No contact or incident response information is provided, limiting transparency and compliance. Overall, the site is functional but would benefit from enhanced security and privacy features to improve trust and compliance.

E

Etelä-Suomen aluehallintovirasto

avi.fi

0

Etelä-Suomen aluehallintovirasto is a Finnish regional state administrative agency responsible for providing public services, regulatory oversight, and administrative functions in Southern Finland. The website serves citizens, businesses, and authorities by offering information, licensing services, guidance, and event notifications. It is positioned as a key government authority with a clear mandate and a broad service portfolio. The website is multilingual, supporting Finnish, Swedish, English, and Northern Sami languages, reflecting inclusivity and accessibility. Technically, the site is built on the Liferay CMS platform, leveraging modern JavaScript libraries such as React and jQuery, and integrates analytics via Snoobi. The infrastructure supports responsive design and accessibility standards, ensuring usability across devices and for diverse users. Security posture is strong with HTTPS enforcement and standard security headers, though DNSSEC is not implemented. Privacy compliance is evident with a comprehensive privacy policy and cookie consent mechanisms aligned with GDPR. However, explicit security policies and incident response contacts are not published, which could be improved. Overall, the site reflects a mature digital presence consistent with a government entity, with good trust indicators and professional content.