Security Directory

FlyCRC, operating as the Caribbean Reunion Club, is an online travel agency specializing in flights, hotels, and holiday packages focused on the Caribbean region. The website offers a range of services including flight bookings, hotel reservations, car hire, parking, and transfers, targeting travelers interested in Caribbean vacations. The business positions itself as a niche specialist with certifications such as ATOL protection and IATA licensing, enhancing its credibility in the travel sector. Technically, the website employs modern JavaScript libraries including jQuery and FontAwesome, integrates tracking and marketing tools like Google Analytics, Facebook Pixel, and Google Tag Manager, and enforces HTTPS for secure communications. The site is mobile optimized and presents a professional design with clear navigation, although accessibility features are basic and some security headers are missing. From a security perspective, the site benefits from HTTPS and secure form handling but lacks important security headers and does not display privacy or terms of service policies, which are compliance gaps. The absence of WHOIS registration data raises concerns about domain legitimacy, although the website content and trust indicators suggest a legitimate business. No signs of malware or phishing were detected. Overall, the website demonstrates a moderate to good security posture and business credibility but should address compliance and security best practices to improve trust and regulatory adherence.

T

Thali Outlet

thalioutlet.com

68

Thali Outlet is a local wholesale cash and carry business based in Leeds, UK, specializing in compostable and disposable tableware, food packaging, cleaning products, and event catering supplies. The website presents a professional and well-structured e-commerce platform targeting trade customers and catering businesses. The business model focuses on wholesale distribution with a clear emphasis on eco-friendly and disposable products. The site is optimized for local trade customers and provides a range of product categories to serve event and catering needs. Technically, the website leverages a modern tech stack including Bootstrap, jQuery UI, Google Fonts, and Google Analytics (both Universal and GA4). It is hosted on a Symphony Commerce platform, indicating a specialized e-commerce infrastructure. The site is mobile-optimized with good SEO practices and includes cookie consent mechanisms aligned with GDPR requirements. Performance is moderate with room for improvement in accessibility features. From a security perspective, the site uses HTTPS with valid SSL certificates and implements cookie consent with granular user controls. However, no explicit security headers were detected, and there is no visible security policy or incident response contact information. The absence of WHOIS registration data raises concerns about domain legitimacy, although the website content and privacy policies suggest a legitimate business operation. No critical vulnerabilities or exposed sensitive data were found. Overall, the website is functional, professional, and compliant with privacy regulations but would benefit from enhanced transparency regarding domain registration, contact information, and security policies. Strategic recommendations include implementing security headers, publishing a security policy, and verifying domain registration details to improve trust and credibility.

A

American Society for Engineering Education

asee.org

59

The American Society for Engineering Education (ASEE) operates a comprehensive and professionally designed website serving the engineering education community. ASEE is a well-established non-profit organization with over 130 years of history, providing membership services, conferences, publications, and professional development resources. The website targets educators, students, and professionals in engineering education, offering a broad range of services including job classifieds, fellowships, and community engagement. Technically, the site leverages modern web technologies such as jQuery, Bootstrap, and integrates analytics tools like Google Analytics and Hotjar, hosted on Microsoft Azure CDN, ensuring moderate to good performance and mobile optimization. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though explicit security headers and cookie consent mechanisms are recommended to enhance compliance and protection. Overall, ASEE.org presents a trustworthy, content-rich platform aligned with its educational mission.

A

Alcon

alcon.com

72

Alcon is a globally recognized leader in eye care, specializing in innovative vision products and treatments that improve quality of life. The company targets healthcare professionals and consumers seeking advanced eye health solutions. The website reflects a mature digital presence built on Drupal 11, incorporating modern monitoring and consent management tools. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities, though explicit security policies and incident response details are not published. Overall, the site demonstrates professionalism, trustworthiness, and compliance with privacy regulations, supporting Alcon's market position as a reputable healthcare enterprise.

E

Emload

emload.com

56

Emload operates as a cloud file hosting service offering subscription-based plans with tiered storage and bandwidth options. The website presents a professional and modern interface with clear navigation and pricing transparency, targeting general users seeking cloud storage solutions. The technical infrastructure leverages popular JavaScript libraries such as jQuery and Axios, integrates Google services including reCAPTCHA and Tag Manager, and appears hosted behind Cloudflare, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enforced and bot protection mechanisms in place; however, the absence of security headers and explicit incident response policies suggests room for improvement. Privacy compliance is basic, with a privacy policy present but lacking cookie consent mechanisms and GDPR indicators. The lack of WHOIS registration data is a significant concern, impacting trust and legitimacy assessments. Overall, the site is functional and professional but requires enhancements in security transparency and compliance to strengthen its risk profile.

S

SIA Madara

madara.lv

48

SIA Madara operates a website focused on providing office and industrial space rental services in Jelgava, Latvia, alongside metal container sales and machine building services. The company targets local businesses and industrial clients seeking large rental spaces and related manufacturing products. The website is professionally designed with clear navigation and multilingual support, primarily in Latvian with English and Russian options. The technical infrastructure employs a variety of JavaScript libraries and frameworks, including jQuery, Bootstrap, and Google Maps API, indicating a moderate level of digital maturity. Performance and mobile optimization are adequate, though accessibility features are basic. Security posture is moderate; while HTTPS is presumed, no explicit security headers or incident response policies are evident. Privacy compliance is good, with a clear privacy policy and cookie consent mechanism implemented. Business credibility is supported by clear contact information and a certification page, though the absence of terms of service and incident response contacts are noted. Overall, the website presents a trustworthy and professional front for a small local business with room for security and compliance improvements.

S

SIA NMS RIGA

e-medica.lv

53

E-MEDICA, operated by SIA NMS RIGA, is a Latvian-based supplier specializing in disinfection, hygiene, and medical products with a focus on fast delivery across Latvia. The website presents a professional e-commerce platform targeting both business and consumer customers in the healthcare and hygiene sectors. The company offers a broad catalog of medical supplies, paper hygiene products, and cleaning agents, supported by an online ordering system with integrated cart and checkout functionalities. Technically, the site employs a modern JavaScript stack including jQuery, Select2, and Google Tag Manager, ensuring a responsive and user-friendly experience. Security posture is adequate with HTTPS enforced and basic security best practices, though improvements such as enhanced security headers and a vulnerability disclosure policy are recommended. Privacy compliance is supported by a clear cookie consent mechanism and a privacy policy page, aligning with GDPR requirements. Overall, the website is trustworthy, well-structured, and suitable for its target market.

CONVINUS is a Swiss-based company specializing in global mobility solutions, offering a comprehensive range of services including international employee assignments, visa and work permit assistance, tax and social security consulting, compliance, payroll, HR, and relocation. The company positions itself as an established player with a global network spanning over 100 countries, targeting corporate clients with international mobility needs. The website is professionally designed, primarily in German with English options, and provides clear navigation and relevant business content. Technically, the site uses a combination of jQuery, Bootstrap, and other JavaScript libraries, with hosting and domain registration consistent with the business claims. Security posture is good with HTTPS enabled and PCI DSS certification displayed, though DNSSEC is not enabled and some security headers are missing. Privacy compliance is well addressed with a comprehensive GDPR privacy policy and cookie consent managed via Cookiebot. Overall, the website is trustworthy and professional, with moderate to good technical and security maturity.

The website represents the Regionalplanungsverband Unteres Bünztal, a regional planning association in Switzerland focused on coordinating spatial, economic, and infrastructural development among member municipalities. It serves as a communication platform promoting regional identity, sustainable mobility, nature conservation, and economic development. The site targets local government officials, regional stakeholders, and residents interested in regional planning and development. Technically, the website is built on the Contao Open Source CMS platform, utilizing common JavaScript libraries such as jQuery and jQuery UI for interactive elements. The site is moderately optimized for mobile devices and offers clear navigation and structured content. However, it lacks advanced SEO and accessibility features and does not implement cookie consent or analytics tracking. From a security perspective, the site uses HTTPS and avoids collecting sensitive user data via forms, reducing exposure to common web vulnerabilities. Nonetheless, it lacks explicit security headers and does not provide visible security policies or incident response contacts, which could be improved to enhance trust and compliance. Overall, the website is a trustworthy and professional regional government resource with good content quality and business credibility. Strategic improvements in security practices and privacy compliance would further strengthen its posture and user trust.

H

Harmoniemusik Buchs AG

harmoniemusikbuchs.ch

49

Harmoniemusik Buchs AG is a local Swiss music association based in Buchs AG, Switzerland, specializing in brass and woodwind ensemble performances with a focus on march and entertaining music. The website serves as a community portal for members and the public, providing event information, membership login, and contact details. The organization positions itself as a community-driven non-profit focused on musical enjoyment and cultural events. Technically, the website uses a custom ASP-based CMS with Bootstrap and jQuery libraries, delivering a responsive and user-friendly experience. However, there is room for improvement in security practices, including the implementation of security headers and enhanced form protections. Privacy compliance is well addressed with a visible cookie consent mechanism and a privacy policy page. Overall, the site is professional and trustworthy but could benefit from stronger security measures and the addition of terms of service documentation.

Jurapark Aargau is a regional nature park organization based in Switzerland focused on nature conservation, regional development, and community engagement. The website serves as an information hub for visitors, local residents, schools, and companies interested in sustainable tourism, educational programs, and regional products. The organization positions itself as a non-profit entity promoting environmental stewardship and cultural heritage within the Aargau region. Technically, the website is built on the Contao CMS platform, leveraging modern JavaScript libraries and APIs to provide interactive content and event management. The site is mobile-optimized and includes structured data for SEO benefits. Security-wise, the site uses HTTPS and implements cookie consent mechanisms, but lacks explicit security policies or incident response information. Overall, the website is professional, trustworthy, and well-maintained, with room for improvement in security transparency and header configurations.

Š

ŠS d.o.o.

studentski-servis.com

51

Študentski Servis (ŠS d.o.o.) operates an online platform focused on connecting students and pupils with job opportunities in Slovenia, while also providing companies with tools to manage and account for student work. The website positions itself as the largest offer of student jobs in Slovenia, targeting both students and business partners. The business has an established presence since 1998, indicating a mature market position within the education sector. Technically, the website uses modern JavaScript libraries, Google Tag Manager for analytics, and service workers for progressive web app capabilities. The site is hosted behind Cloudflare DNS and CDN services, ensuring good performance and availability. Security posture is moderate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers, which are recommended for enhanced protection. Privacy and cookie policies are absent, which is a compliance gap. No contact information or incident response details are published, limiting transparency. Overall, the website is professional and functional but would benefit from improved security and privacy compliance measures.

S

Stroka produkt d.o.o.

stroka.si

55

Stroka produkt d.o.o., operating under the brand Skupina stroka.si, is a well-established Slovenian IT service provider founded in 2005. The company offers a broad range of IT solutions including infrastructure management, business software integration (notably PANTHEON), digital workplace services leveraging Office 365, business analytics, custom software development, and digital transformation consulting. Their market position is strengthened by a Microsoft Gold Partner certification and multiple industry awards, reflecting a strong reputation in the Slovenian technology sector. The website content and design reflect a professional and mature digital presence targeting business clients seeking comprehensive IT solutions. Technically, the website is built on the DotNetNuke CMS platform, utilizing modern JavaScript libraries and frameworks, with good mobile optimization and SEO practices. Security posture is solid with HTTPS enforced, reCAPTCHA on forms, and cookie consent mechanisms, though some security headers could be improved. WHOIS data confirms domain legitimacy and consistency with the business claims. Overall, the company demonstrates a mature digital infrastructure and credible business operations.

K

Kozák Svitavy, s.r.o.

kozak-svitavy.cz

52

Kozák Svitavy, s.r.o. operates a wholesale e-commerce platform specializing in candles, home and garden accessories, and related decorative products. The website targets wholesale customers primarily in the Czech Republic, offering a broad product range including seasonal and floristry items. The business model focuses on B2B sales through an online portal, positioning itself as a regional supplier with a clear product focus. The website content is professionally presented in Czech, with clear navigation and relevant business information, including contact details and ethical reporting channels. Technically, the site is built on ASP.NET WebForms with Kentico CMS, utilizing common JavaScript libraries such as jQuery, bxSlider, and fancyBox. Google Analytics and Google Tag Manager are employed for user tracking and analytics. The site shows moderate performance and good mobile optimization but lacks some advanced accessibility features. Security measures include HTTPS and CSRF tokens, but there is an absence of security headers and cookie consent mechanisms, indicating room for improvement in security posture and privacy compliance. From a security perspective, no critical vulnerabilities or exposed sensitive data were detected. However, the absence of WHOIS data for the domain raises concerns about domain legitimacy and trustworthiness. The website provides clear contact information and an ethical whistleblowing email, which are positive trust signals. Overall, the security posture is moderate but could be enhanced by implementing security headers, cookie consent, and publishing a vulnerability disclosure policy. The overall risk assessment suggests the website is functional and legitimate for its business purpose but would benefit from improved transparency in domain registration and enhanced privacy and security practices. Strategic recommendations include verifying domain registration details, implementing GDPR-compliant cookie consent, adding security headers, and establishing a formal security policy to strengthen trust and compliance.

Z

ZB Invest

zbi.hr

62

ZB Invest is a Croatian financial investment company specializing in investment funds and related services. The website provides fund pricing, yield data, calculators, and contact options primarily targeting Croatian investors. The domain is well-established since 2000 and hosted with professional infrastructure including Akamai CDN services. The website uses standard JavaScript libraries for UI and data visualization but lacks modern CMS or frameworks. Security posture is basic with no visible security headers or privacy policies, and no contact information is explicitly provided in the analyzed content. Overall, the site is functional but could improve in privacy compliance and security best practices.

Z

Zone Media OÜ

kuhuviia.ee

42

Kuhuviia.ee is a localized Estonian platform focused on facilitating waste sorting and repair services by providing an interactive map and search functionality for users to find waste disposal points and repair locations. The service is supported by Zone Media OÜ, a local Estonian company, and has been operational since 2014. The platform integrates Google Maps API for geolocation and mapping, and offers user engagement features such as adding new repair points and saving favorites. The website targets general users interested in environmental sustainability and waste management within Estonia. Technically, the website employs a modern JavaScript stack including jQuery, jQuery UI, and Google Maps API, with asynchronous loading of data from a dedicated API. The site is mobile-optimized and provides a good user experience with clear navigation and search autocomplete. However, some minor server-side errors are exposed in the HTML source, and no advanced security headers are implemented, indicating room for improvement in security hardening. From a security perspective, the site uses HTTPS but lacks DNSSEC and security headers, and exposes a PHP warning which could leak information. Privacy compliance is basic, with a privacy policy and terms of service present but no cookie consent mechanism detected. No direct contact information or incident response contacts are found, which may impact trust and compliance. Overall, the security posture is moderate but could be enhanced with standard best practices. The overall risk assessment suggests the site is legitimate and functional but would benefit from improvements in security and privacy compliance to enhance trustworthiness and regulatory adherence. Strategic recommendations include fixing server-side errors, enabling DNSSEC, implementing security headers, and adding cookie consent mechanisms to align with GDPR requirements.

I

International Sava River Basin Commission

savacommission.org

47

The International Sava River Basin Commission operates as an intergovernmental organization dedicated to the sustainable management and development of the Sava River Basin. It provides a platform for cooperation among basin countries focusing on water management, navigation, flood protection, sediment management, and environmental preservation. The website reflects a professional and authoritative presence with comprehensive content and official documentation supporting its mandate. Technically, the website employs a modern technology stack including jQuery, Bootstrap, and Slick Carousel, with integration of Google Analytics and Tag Manager for user tracking. The site is mobile optimized and exhibits good performance and SEO practices. However, there is room for improvement in accessibility and security headers. From a security perspective, the site uses HTTPS and secure login forms but lacks important security headers and published security policies such as privacy, cookie, and incident response information. The absence of WHOIS data reduces domain trust verification, though the website content and contact details support legitimacy. Overall, the security posture is moderate with recommendations to enhance compliance and transparency. The overall risk assessment is low to moderate, with strategic recommendations focusing on publishing privacy and cookie policies, implementing security headers, adding vulnerability disclosure mechanisms, and improving WHOIS transparency to strengthen trust and compliance.

P

Primalab d.o.o.

primalab.si

44

Primalab d.o.o. is a Slovenian company established in 2006 specializing in the sale and support of laboratory and process equipment. The company offers a comprehensive range of products from reputable suppliers, alongside technical consulting, training, and maintenance services. Their market position is that of a trusted regional supplier with a focus on quality and customer service. Technically, the website is built on the DNN CMS platform, utilizing common JavaScript libraries and hosted behind Cloudflare, indicating a moderate level of digital maturity. The site is mobile-optimized and provides clear navigation and professional content. Security-wise, the site uses HTTPS and Cloudflare DNS but lacks some modern security headers and uses slightly outdated JavaScript libraries, which could be improved. Privacy compliance is addressed with clear privacy and cookie policies and consent mechanisms, though incident response and vulnerability disclosure information are absent. Overall, the website is professional and trustworthy with room for security enhancements.

nLab sp. z o.o. is a specialized distributor and authorized service provider of scientific measurement instruments operating primarily in Poland and the Baltic states since 1998. The company represents several international brands in electrochemistry, surface plasmon resonance, and tensiometry, offering both sales and technical support including warranty services. Their market position is that of a trusted regional leader in niche scientific instrumentation with a focus on research and industrial R&D customers. Technically, the website is built on a CMS Made Simple platform using classic web technologies such as jQuery and CSS, providing a functional but somewhat dated user experience with moderate performance and basic mobile optimization. Security posture is adequate with HTTPS enforced but lacks advanced security headers and DNSSEC, and no privacy or cookie policies are present, indicating compliance gaps. Overall, the website is professional and trustworthy but would benefit from enhanced security and privacy compliance measures.

P

Primalab d.o.o.

primalab.eu

57

Primalab d.o.o. is a Slovenian company specializing in the sales and service of laboratory and process equipment. Their offerings include high precision instruments for chemical and physical analysis, complemented by calibration, validation, professional training, and maintenance services. The company targets laboratories, pilot plants, and production facilities, positioning itself as a trusted regional partner with established supplier relationships such as Metrohm and Lauda. The website reflects a professional business presence with clear contact information and GDPR compliance, supporting customer engagement through newsletters and service inquiries. Technically, the site is built on the DotNetNuke CMS platform, utilizing common JavaScript libraries and Bootstrap for responsive design, delivering moderate performance and good mobile optimization. Security posture is moderate, with HTTPS usage and cookie consent mechanisms in place, but lacking explicit security headers and containing hidden spammy links that could impact SEO and trust. WHOIS data is unavailable, limiting domain trust verification, but the overall business credibility remains intact based on website content and contact details. Strategic recommendations include enhancing security headers, removing suspicious hidden links, and improving transparency around domain registration.

H

Hrvatski audiovizualni centar

havc.hr

45

The Hrvatski audiovizualni centar (HAVC) is a Croatian public institution dedicated to supporting and promoting the audiovisual sector, including film production and cultural initiatives. The website serves as an authoritative portal providing news, event calendars, film catalogs, and official publications relevant to the Croatian and international film community. It targets industry professionals, cultural stakeholders, and the general public interested in audiovisual culture. The business model is primarily public funding and cultural promotion, positioning HAVC as a key national player in the media sector. Technically, the website employs a modern JavaScript-based frontend with libraries such as jQuery, Nivo Slider, and Google Fonts, alongside integrations with Google Maps API, Facebook Pixel, and Google Analytics for tracking and user engagement. The site is mobile-optimized and accessible, with features to adjust contrast and font size, enhancing usability. Hosting and domain registration are consistent with a Croatian academic network registrar, indicating a stable and legitimate infrastructure. From a security perspective, the site uses HTTPS and includes tracking scripts responsibly. However, it lacks visible security headers and does not publish a security policy or incident response contacts, which are areas for improvement. Privacy compliance is partial; while a cookie banner is present, it lacks explicit consent mechanisms, and no privacy policy or terms of service are directly linked or found on the homepage. The absence of vulnerability disclosure mechanisms also suggests room for maturity in security practices. Overall, HAVC's website is professional, content-rich, and trustworthy, with a strong business credibility score. The main risks relate to privacy compliance and security best practices, which if addressed, would enhance user trust and regulatory adherence. Strategic recommendations include publishing comprehensive privacy and security policies, implementing security headers, and improving cookie consent mechanisms.

MaplePrimes is a well-established community platform dedicated to Maple software users and mathematical discussions, operated under Maplesoft, a division of Waterloo Maple Inc. The website serves as a hub for questions, posts, and educational content, supporting user engagement and product support. The platform leverages a mature technical infrastructure based on ASP.NET WebForms, Bootstrap, and jQuery, hosted on AWS with modern front-end libraries and analytics tools. Security posture is solid with HTTPS enforcement, cookie consent, and domain protection, though improvements like DNSSEC and security.txt could enhance trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the website demonstrates a professional, trustworthy, and user-focused presence in the technology education sector.

The website www.kardio-cz.cz serves as the official online platform for the Czech Cardiology Society (Česká kardiologická společnost). It provides comprehensive resources including news, upcoming professional cardiology events, educational materials, and patient information. The society positions itself as a leading professional healthcare organization in the Czech Republic, targeting cardiologists, healthcare professionals, and patients interested in cardiovascular health. The business model is non-profit, focusing on education, professional development, and dissemination of cardiology knowledge. Technically, the website employs a legacy jQuery version alongside Bootstrap-like styling and integrates Google Analytics with a cookie consent mechanism that respects user privacy by default. The site is mobile responsive and offers a good user experience with clear navigation and professional design. However, some technical improvements are recommended, including updating JavaScript libraries and enhancing security headers. From a security perspective, the site uses HTTPS and implements cookie consent with granular user controls, indicating a good privacy posture. However, no explicit security headers were detected, and WHOIS data is unavailable, which slightly reduces trustworthiness. There is no evidence of vulnerabilities or exposed sensitive data. The site complies with GDPR, providing a comprehensive privacy policy and terms of service. Overall, the website is a trustworthy, professional resource for cardiology professionals and patients, with moderate technical maturity and a solid privacy framework. The lack of WHOIS data and missing security headers are areas for improvement to enhance trust and security posture.

F

FETMED

fetmed.cz

47

FETMED is a specialized healthcare provider in the Czech Republic focusing on fetal medicine, genetics, and gynecology. The company operates two physical centers in Olomouc and Ostrava, offering comprehensive prenatal diagnostics, genetic consultations, psychological counseling, and pediatric cardiology. Their market position is that of a trusted regional specialist with experienced medical professionals and advanced diagnostic technologies. The website is professionally designed, mobile-optimized, and provides clear service information and contact channels. Technically, the website employs a modern technology stack including jQuery, Bootstrap, Google Analytics, and Google reCAPTCHA, ensuring a functional and user-friendly experience. Performance is moderate with good mobile responsiveness and basic accessibility features. However, some security best practices such as security headers are missing, and no privacy policy or terms of service pages are present, which impacts compliance and trust. Security posture is generally good with HTTPS enforced and use of CAPTCHA for forms, but the absence of security headers and WHOIS transparency reduces the overall security confidence. No vulnerabilities or exposed sensitive data were detected. Cookie consent is implemented properly, supporting GDPR compliance to some extent. Overall, the website is a credible and professional healthcare service platform with room for improvement in privacy disclosures and security hardening. The lack of WHOIS data is a concern but may be due to local registry policies. Strategic recommendations include publishing privacy and terms policies, adding security headers, and maintaining updated libraries to enhance security and compliance.

V

Verkehrsverbund Rhein-Neckar GmbH

vrn.de

49

Verkehrsverbund Rhein-Neckar GmbH operates as a regional public transportation authority in the Rhein-Neckar area of Germany, providing comprehensive services including bus, train, and tram schedules, ticketing, and mobility solutions such as carsharing and e-scooters. The website serves as a central portal for journey planning, traffic updates, and customer service, targeting commuters and general public users in the region. The business model is focused on facilitating public transport and mobility services within a defined geographic area, positioning VRN as a key regional transport provider. Technically, the website is built on the Imperia CMS platform and leverages modern web technologies including jQuery, Leaflet for maps, and Foundation for responsive design. It integrates Matomo analytics with user consent, demonstrating a mature approach to data privacy. Accessibility features such as skip links and visual assistance tools are implemented, enhancing usability for diverse users. Performance is moderate with good mobile optimization and SEO practices. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms, but lacks explicit security policy documentation and incident response contacts. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data is limited but consistent with a legitimate regional transport entity. Overall, the site demonstrates a solid security posture with room for improvement in transparency and security policy communication. The overall risk is low given the nature of the business and the absence of suspicious indicators. Strategic recommendations include publishing a dedicated security policy, providing incident response contact details, enhancing HTTP security headers, and considering a vulnerability disclosure policy to further strengthen trust and compliance.

E

EBONITETE.SI

ebonitete.si

44

EBONITETE.SI is a Slovenian business credit rating agency established in 2012, offering creditworthiness evaluations and financial reliability information for companies. Positioned as the first credit rating agency in Slovenia, it targets businesses seeking reliable partner evaluations. The website is built on WordPress with Elementor, integrating modern technologies such as Google Tag Manager and Microsoft Clarity for analytics and marketing. The site demonstrates good design quality, mobile optimization, and SEO practices, although accessibility features are basic. Security posture is solid with HTTPS and security headers implemented, but lacks publicly disclosed security policies or incident response information. Privacy compliance is partial, with a cookie consent mechanism but no visible privacy policy or terms of service pages. Overall, the site is legitimate and professionally maintained but would benefit from enhanced transparency and compliance documentation.

DuelOnline.cz is a Czech Republic-based online accounting portal focused on providing cloud-based access to the DUEL economic system. The website targets accounting professionals, businesses, and accounting firms seeking secure, remote, and integrated accounting solutions. The business model revolves around SaaS delivery of accounting, payroll, inventory, and retail sales management services. The company Ace IT s.r.o. appears as the parent entity, with partnerships with major technology providers such as HP, Dell, Cisco, Microsoft, and Debian, enhancing its market credibility. Technically, the website employs a traditional web stack with jQuery 1.6.1, jQuery UI, and Google Analytics for tracking. It integrates virtualization technologies and cloud infrastructure based on Microsoft and Linux platforms. However, the site shows signs of aging technology and lacks modern security headers and HTTPS confirmation, which impacts its security posture. Mobile optimization and accessibility are basic, and no CMS or hosting provider details are evident. From a security perspective, the site demonstrates some best practices like data backup and physical server security but lacks visible HTTPS enforcement, security headers, and formal privacy or cookie policies. The absence of WHOIS data reduces domain trustworthiness and raises concerns about domain registration legitimacy. No vulnerability disclosures or incident response contacts are provided, limiting transparency. Overall, DuelOnline.cz is a functional and professional business site with moderate technical maturity and security posture. Strategic improvements in security, privacy compliance, and technology modernization are recommended to enhance trust and resilience.

A

Avenue Mall

avenuemall.hr

52

Avenue Mall is a well-established retail shopping center located in Zagreb, Croatia, offering a wide range of retail stores, food and beverage outlets, and entertainment options. The website reflects a medium-sized business with a strong local market presence and a focus on customer engagement through promotions, events, and a loyalty program. Technically, the site employs modern web technologies including jQuery UI, Slick Slider, and integrates marketing and analytics tools such as Google Tag Manager, Facebook Pixel, and Hotjar, indicating a mature digital infrastructure. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though there is room for improvement in security headers and incident response transparency. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the website is professional, user-friendly, and trustworthy, supporting the business's retail and hospitality operations effectively.

Z

Zagrebačka banka

zaba.hr

68

Zagrebačka banka is a leading Croatian financial institution offering a broad range of retail and corporate banking services. The website reflects a mature digital presence with comprehensive information on loans, savings, insurance, and digital banking platforms such as mobile and internet banking. The bank targets a wide audience including individuals, small and large businesses, and private banking clients. The site is professionally designed with consistent branding and clear navigation, supporting a strong market position within Croatia and under the UniCredit Group umbrella. Technically, the website employs modern JavaScript libraries and analytics tools such as Adobe Analytics and Tealium, hosted on Akamai infrastructure for performance and reliability. The site is mobile-optimized and accessible, with good SEO practices. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security policies and incident response disclosures are absent. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations such as GDPR. No critical vulnerabilities or suspicious activities were detected. The domain's WHOIS data confirms legitimacy with a long registration history and consistent registrant information. Strategic recommendations include publishing a dedicated security policy, incident response plan, and vulnerability disclosure guidelines to enhance transparency and trust. Regular security audits and header enhancements would further strengthen the security posture.

K

Kuratorium Deutsche Altershilfe

forum-seniorenarbeit.de

57

Forum Seniorenarbeit NRW is a non-profit project under the Kuratorium Deutsche Altershilfe, focused on community-oriented senior work and engagement in the North Rhine-Westphalia region of Germany. The website serves as an information hub, providing resources, event information, and networking opportunities for professionals and volunteers involved in senior citizen work. It emphasizes themes such as health promotion, mobility, participation, and social space development. The project is publicly funded and maintains a professional online presence with clear branding and consistent messaging. Technically, the website is built on WordPress 6.7.2, utilizing a variety of plugins including Contact Form 7, Events Manager, and Complianz GDPR Cookie Consent. It uses Matomo for analytics, ensuring privacy compliance with cookie consent mechanisms. Hosting is provided by rzone.de, with stable DNS and HTTPS enforced. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a moderate to good technical maturity. From a security perspective, the site employs HTTPS and cookie consent but lacks explicit security headers in the HTML content. No vulnerabilities or exposed sensitive data were detected. The absence of a public security policy or incident response contact is noted. Overall, the security posture is adequate for a non-profit informational site but could be improved with additional headers and transparency. The overall risk assessment is low, with no signs of malicious activity or content safety concerns. Strategic recommendations include enhancing security headers, maintaining up-to-date software, and publishing security and incident response information to increase trust and compliance.

I

Interior AI

interiorai.com

59

Interior AI is a technology company founded in 2020 that offers an AI-powered interior design and virtual staging application targeted at homeowners, real estate professionals, and interior designers. The platform enables users to upload photos of interiors and receive instant AI-generated redesigns, photorealistic renders, and 3D flythrough videos. The company positions itself as a niche player in the AI interior design space with positive user feedback and a modern SaaS business model. Technically, the website employs a modern web stack including jQuery, service workers for push notifications, and Cloudflare for DNS and hosting. The site is moderately optimized for mobile and SEO, with good content quality and branding consistency. Security posture is adequate with HTTPS enforced but lacks advanced security headers and explicit privacy or cookie policies. No WAF or blocking mechanisms are detected, and the domain registration is consistent and legitimate. Overall, the website is professional and trustworthy but would benefit from enhanced privacy compliance and security best practices.

G

GWS Ground Waterproofing Systems, s.r.o.

gwsystems.cz

50

GWS Ground Waterproofing Systems, s.r.o. is a Czech-based manufacturer specializing in ground waterproofing materials, thermal insulation, and construction geosynthetics with over 25 years of industry experience. The company targets construction professionals and distributors across Europe, offering a broad portfolio of products including PVC foils, mineral insulation, and concrete additives. Their market position is strong within the regional manufacturing and construction sectors, supported by a professional and content-rich website that reflects their expertise and product range. Technically, the website employs modern web technologies such as Bootstrap, jQuery, Google Tag Manager, and Google Analytics, ensuring a responsive and user-friendly experience. The site is well-optimized for mobile devices and includes accessibility features, though some improvements could be made. Security measures include HTTPS enforcement, reCAPTCHA integration, and a comprehensive cookie consent mechanism, indicating a mature approach to user privacy and data protection. From a security perspective, the site demonstrates good practices but lacks explicit HTTP security headers and a public security policy or incident response contact. No vulnerabilities or exposed sensitive data were detected. The absence of WHOIS data for the domain is a concern, reducing trustworthiness and suggesting the need for further verification of domain registration status. Overall, the website is professional, trustworthy, and compliant with GDPR requirements, with clear contact information and active social media presence. Strategic recommendations include enhancing security headers, publishing a vulnerability disclosure policy, and verifying domain registration details to improve trust and compliance.

S

Sveitarfélagið Skagaströnd

skagastrond.is

58

Sveitarfélagið Skagaströnd operates an official municipal website serving the local community of Skagaströnd, Iceland. The site provides comprehensive information about local government administration, public services, institutions, news, events, and community resources. It targets residents and visitors seeking municipal information and services. The business model is that of a government service portal, focusing on transparency and community engagement. The website is well-branded and consistent with trust indicators such as official contact details and certifications.

N

NHN Cloud

toast.com

57

NHN Cloud is a South Korean enterprise cloud computing service provider leveraging OpenStack technology to deliver flexible and reliable cloud solutions. The company positions itself as a trusted partner for businesses seeking scalable cloud infrastructure, supported by the NHN Entertainment parent brand. The website content is professional and targeted at corporate clients, with a focus on cloud computing services and solutions. Technically, the site uses modern marketing and analytics tools such as Google Tag Manager and Marketo, indicating a mature digital marketing infrastructure. However, the absence of WHOIS registration data raises concerns about domain legitimacy or recent registration status. Security posture is moderate with HTTPS implied but lacks explicit security headers and published policies. Privacy compliance is minimal with no visible privacy or cookie policies, and no contact information is provided on the homepage. Overall, the site is functional and professional but would benefit from enhanced transparency and security disclosures.

S

SPRAVBYTKOMFORT, a.s.

spravbytkomfort.sk

44

SPRAVBYTKOMFORT, a.s. is a Slovak company specializing in property management and the supply of central heating and hot water services primarily in the Prešov region. The website serves as a customer portal offering information on property management, heat supply, billing, and emergency services. The company maintains a moderate market position as a regional utility and property management provider. The site is built on a CMS platform with a modern tech stack including jQuery, Bootstrap, and various UI libraries, ensuring good mobile responsiveness and user experience. Security posture is adequate with HTTPS enabled but lacks advanced security headers and formal privacy or cookie policies. Contact information is limited to a phone number, with no company email or social media links prominently displayed. Overall, the website is professional and functional but could improve privacy compliance and security practices.

E

ESCO Servis, s.r.o.

escoservis.sk

43

ESCO Servis, s.r.o. is a Slovakian company specializing in energy services, particularly heat production and facility management for companies and residential buildings. The company holds ISO 9001 certification, indicating a commitment to quality management, and maintains partnerships with major energy groups such as ČEZ. Their website reflects a professional and consistent brand image, targeting corporate and residential clients in the energy sector. Technically, the website uses modern libraries like jQuery and Bootstrap, is mobile responsive, and implements GDPR-compliant cookie consent mechanisms. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though additional security headers could enhance protection. Contact information is clearly provided, but incident response and vulnerability disclosure policies are absent, representing areas for improvement.

P

Property & Enviroment s.r.o.

odpady-portal.sk

59

ODPADY-PORTAL.SK is a Slovak-language specialized online news and information portal focused on waste management and environmental topics. Operated by Property & Enviroment s.r.o., the site provides up-to-date news, legislative information, company directories, and event announcements relevant to professionals and stakeholders in the waste management sector. The portal maintains a consistent brand presence and offers subscription services alongside advertising revenue streams. Technically, the website is built on a custom ASP.NET Web Forms CMS, leveraging modern libraries such as jQuery and Bootstrap, and integrates marketing and analytics tools including Google Tag Manager and Facebook Pixel. The site is mobile-optimized with good SEO and navigation clarity. Security-wise, the site enforces HTTPS and implements cookie consent mechanisms compliant with GDPR, although it lacks some advanced security headers and incident response disclosures. Overall, the domain registration and business information are consistent and trustworthy, with no signs of blocking or WAF interference.

P

Property & Enviroment s.r.o.

voda-portal.sk

57

VODA-PORTAL.SK is a Slovak information and news portal specializing in water and water management topics. Operated by Property & Enviroment s.r.o., it serves professionals and stakeholders in the water industry by providing news, event information, and subscription services. The portal has a consistent brand presence and a niche market position within Slovakia's energy and environmental sectors. Technically, the site is built on ASP.NET WebForms with modern frontend libraries such as Bootstrap and jQuery, and integrates common marketing and analytics tools like Google Tag Manager and Facebook Pixel. The website is mobile-optimized and offers a good user experience with clear navigation and relevant content. Security-wise, the site uses HTTPS and secure form submissions but lacks some important HTTP security headers, which could be improved to enhance protection. Privacy compliance is strong with GDPR-aligned policies and cookie consent mechanisms. Overall, the site is legitimate, professional, and trustworthy, with room for security enhancements and more explicit contact information.

K

Oficiální web DA Krušné hory | Krušné hory

krusnehory.eu

50

The website krusnehory.eu serves as an official regional tourism guide for the Krušné hory area in the Czech Republic. It provides comprehensive information on tourist destinations, hiking and cycling routes, events, accommodation, dining, and local services. The target audience includes tourists, families, hikers, and cyclists interested in exploring the region. The business model is primarily informational, supporting regional tourism promotion. The site maintains a consistent brand presence and integrates social media channels to engage users. Technically, the website employs common web technologies such as jQuery, Bootstrap, Google Analytics, and Google Tag Manager. It is hosted by WEDOS Internet, a reputable Czech hosting provider. The site demonstrates good mobile optimization and SEO practices, though accessibility features are basic. Performance is moderate, with room for improvement in technical modernization and security hardening. From a security perspective, the site uses HTTPS (implied by URLs) and secure form inputs but lacks visible security headers and explicit privacy or cookie policies. No incident response or vulnerability disclosure information is present. The absence of contact emails and phone numbers reduces transparency. Overall, the security posture is moderate but could benefit from enhanced compliance and security best practices. The overall risk is low given the nature of the site as a public tourism guide with no sensitive data collection. Strategic recommendations include implementing privacy and cookie policies, adding security headers, improving accessibility, and providing clear contact and incident response information to enhance trust and compliance.

W

WOODEN TECH s.r.o.

wooden.land

56

Wooden land is a Czech-based e-commerce business specializing in handcrafted wooden watches, accessories, and furniture. The company emphasizes Czech production, artisanal craftsmanship, and offers custom design options for its products. The website targets consumers looking for unique, personalized wooden goods, primarily within the Czech Republic and potentially broader European markets. The business operates a direct-to-consumer retail model with a focus on quality and originality. Technically, the website is built on the PrestaShop platform, utilizing modern web technologies such as Bootstrap, jQuery UI, and FontAwesome. It integrates multiple analytics and marketing tools including Google Analytics, Facebook Pixel, Hotjar, Heap Analytics, and Pinterest Tag, indicating a mature digital marketing approach. The site is mobile optimized and provides a good user experience with clear navigation and professional design. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms compliant with GDPR. However, it lacks explicit security headers in the HTML source and does not provide visible incident response or security policy information. No vulnerabilities or exposed sensitive data were detected in the content. The WHOIS data is limited due to privacy protection and unsupported TLD WHOIS, but the domain appears legitimate with an active expiry date. Overall, Wooden land presents a trustworthy and professional online presence with good privacy compliance and marketing sophistication. Strategic improvements in security headers and incident response transparency could further enhance its security posture and trustworthiness.

K

Klett Kinderbuch Verlag GmbH

klett-kinderbuch.de

10

Klett Kinderbuch Verlag GmbH is a small, independent German children's book publisher founded in 2008 and independent since 2015. The company focuses on publishing seven to ten new titles per half-year for children aged 2 to 12 and their adults. Their website reflects a professional and consistent brand presence with good content quality and clear navigation. Technically, the site uses the Contao CMS platform with modern JavaScript libraries like jQuery and Rocksolid Slider, providing a moderate performance and good mobile optimization. Security posture is adequate with HTTPS usage and cookie consent mechanisms, but lacks explicit security headers and incident response information. Privacy compliance is well addressed with a comprehensive privacy policy and cookie banner. Business credibility is supported by social media presence and professional content, though no direct contact emails or phone numbers are published on the site. Overall, the website is safe, trustworthy, and well-suited for its target audience.

R

regioactive.de

regioactive.de

49

regioactive.de is a German media platform specializing in cultural and music event coverage, including news, event listings, photo galleries, and ticket sales. It targets music and culture enthusiasts primarily in Germany and German-speaking regions. The website has a consistent brand presence and a solid market position as a regional cultural media outlet. Technically, the site uses a mix of jQuery, Google Analytics, and a cookie consent management system, hosted on UI-DNS name servers. The site is mobile-optimized and SEO-friendly with good performance. Security posture is adequate with HTTPS enforced and cookie consent implemented, though some security headers could be improved. No critical vulnerabilities or blocking mechanisms were detected. WHOIS data confirms a mature and consistent domain registration since 2001, supporting the legitimacy of the business. Overall, regioactive.de is a professional, trustworthy, and compliant cultural media website.

The website tavokraujas.lt represents the Vilniaus Universiteto Ligoninės Santaros Klinikų Kraujo centras, a major Lithuanian healthcare institution specializing in blood donation and transfusion services. The site provides comprehensive information about blood donation, donor registration, donor eligibility, and blood donation events. It serves as an important resource for potential donors and healthcare professionals in Lithuania. The business is well-positioned as a trusted healthcare provider with ISO 9001:2015 certification and affiliation with a leading university hospital. Technically, the website uses a variety of established JavaScript libraries and CSS frameworks such as jQuery, Bootstrap, and Owl Carousel to deliver a responsive and user-friendly experience. The site is mobile optimized and features multiple interactive forms for donor registration and event organization. However, there is no evidence of a CMS, and hosting details are not disclosed. From a security perspective, the website uses HTTPS but lacks visible security headers and explicit privacy or cookie policies, which are important for GDPR compliance. No incident response or vulnerability disclosure information is provided. The WHOIS data is consistent and transparent, supporting the legitimacy of the domain and business. Overall, the website is professional and trustworthy but would benefit from enhanced privacy compliance and security hardening to improve user trust and regulatory adherence.

Asociacija ,,Padedu augti“ is a Lithuanian non-profit organization dedicated to supporting families with premature and seriously ill newborns. Established in 2011, it provides various services including social support projects, educational initiatives, and direct assistance to hospitals and families. The organization maintains a strong community presence through storytelling, events, and partnerships with healthcare institutions. Their website reflects a well-structured, content-rich platform with clear navigation and engagement tools such as a live chat widget. Technically, the website employs modern web technologies including jQuery, jQuery UI, Fancybox, and Google Fonts, hosted behind Cloudflare DNS and nameservers ensuring reliable performance and security. The site is mobile-optimized and demonstrates good SEO practices, although accessibility features are basic. Security posture is solid with HTTPS enforced and no visible vulnerabilities, but lacks some security headers and formal security policies. From a security and compliance perspective, the site lacks visible privacy and cookie policies, which is a notable compliance gap especially under GDPR. No incident response or vulnerability disclosure information is provided. Contact information is clearly available, enhancing business credibility. WHOIS data confirms domain legitimacy and consistency with the organization's profile. Overall, the website is trustworthy and professional but would benefit from enhanced privacy compliance and security policy transparency to improve user trust and regulatory adherence.

H

Domovská stránka

helago-sk.sk

45

Helago SK operates as a specialized e-commerce platform serving the Slovak market with a focus on educational, healthcare, and laboratory products. The website offers a broad catalog of simulators, anatomical models, laboratory instruments, and technical teaching aids, targeting educational institutions, healthcare providers, and laboratories. The presence of sister sites in Czech and English indicates a regional market approach. Technically, the site employs modern web technologies including jQuery, Bootstrap 5, Google Tag Manager, and reCAPTCHA, reflecting a mature digital infrastructure. Security posture is solid with HTTPS enforced and cookie consent implemented, though explicit security policies and vulnerability disclosures are absent. Privacy compliance is basic, lacking a visible privacy policy or terms of service on the main page. Overall, the site is professionally designed with good navigation and content relevance but could improve transparency and contact information availability.

M

Ministerie van Algemene Zaken

government.nl

60

The website government.nl serves as the official online portal for the Government of the Netherlands, managed by the Ministerie van Algemene Zaken. It provides comprehensive information on government services, policies, immigration, housing benefits, citizenship, and current news. The site targets a broad audience including residents, expatriates, and businesses interacting with Dutch government entities. It holds a strong market position as the authoritative source of government information in the Netherlands. Technically, the website employs modern JavaScript libraries such as jQuery UI and integrates Piwik PRO analytics and Pastease survey tools, indicating a mature digital infrastructure. The site is mobile-optimized, accessible, and performs well with fast loading times. The CMS is not explicitly identified but appears to be a custom or government-specific platform. From a security perspective, the site enforces HTTPS and employs secure forms without visible vulnerabilities. However, explicit security headers and a dedicated security policy page are absent, and no incident response contacts are provided. Privacy compliance is strong, with clear privacy and cookie policies and GDPR adherence. No vulnerabilities or suspicious domains were detected. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance suitable for a government entity. Strategic recommendations include enhancing security headers, publishing a security policy, and providing incident response contacts to further strengthen the security posture.

H

Hrvatske ceste d.o.o.

hrvatske-ceste.hr

63

Hrvatske ceste d.o.o. is a Croatian state-owned company responsible for the management, construction, reconstruction, and maintenance of the national road network. The website reflects its official status with consistent branding and clear presentation of its services and public information. The target audience includes government entities, contractors, drivers, and the general public interested in road infrastructure and related services. The company operates under the ownership of the Republic of Croatia, positioning itself as the authoritative body for state roads.

Z

Zavod za prostorno uređenje Dubrovačko-neretvanske županije

zzpudnz.hr

65

The website zzpudnz.hr is the official online portal for the Zavod za prostorno uređenje Dubrovačko-neretvanske županije, a governmental spatial planning institute serving the Dubrovnik-Neretva County in Croatia. It provides comprehensive spatial planning documentation, project information, and news updates relevant to local government officials, urban planners, and the public. The site is well-structured, professionally designed, and offers extensive archives of news and legal documents related to spatial planning. The target audience includes government entities, municipalities, and citizens interested in regional planning and development. Technically, the website is built on the DotNetNuke (DNN) CMS platform, utilizing modern JavaScript libraries such as jQuery, Vue.js, and Bootstrap for responsive design and user experience. The site is mobile optimized and includes accessibility features. Security best practices are observed with HTTPS enforced, appropriate security headers, and secure form handling. Google Analytics is used for visitor tracking, with a cookie consent mechanism in place to comply with GDPR requirements. From a security perspective, the site shows a mature posture with no detected vulnerabilities or exposed sensitive data. However, there is no explicit public security policy or vulnerability disclosure page, and incident response contact information is not provided. The WHOIS data confirms the domain's legitimacy, consistent with the Croatian governmental entity it represents, and the domain age aligns with the institution's operational history. Overall, zzpudnz.hr is a credible, secure, and professionally maintained governmental website that effectively serves its informational and public service role. Strategic recommendations include publishing a dedicated security policy, adding vulnerability disclosure information, and providing clear incident response contacts to enhance transparency and trust.

S

Splitsko-dalmatinska Županija

digitalnadalmacija.hr

56

Digitalna Dalmacija is a regional technology and education initiative led by the Split-Dalmatia County, focused on fostering digital skills, startup ecosystem growth, and a vibrant technology community in Croatia. The website serves as a hub for educational programs, startup acceleration, and community events, targeting students, professionals, retirees, and entrepreneurs. It is well-positioned as a government-backed regional technology hub with strong partnerships and community engagement. The technical infrastructure is based on ASP.NET WebForms with modern JavaScript libraries and CMS (DNN), providing a good user experience and mobile optimization. Security posture is adequate with HTTPS and some best practices, but lacks explicit security headers and vulnerability disclosure mechanisms. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the website is professional, trustworthy, and content-rich, but could improve in privacy and security transparency.

K

Konplast d.o.o.

kipos.hr

40

Kipos.hr is a Croatian business website serving as a login portal for KIPOS, a bookkeeping and business information system developed by Konplast d.o.o. The platform targets business users requiring accounting and bookkeeping software solutions. The website is primarily a secure login interface with client-side encryption for credentials, indicating a focus on protecting user data during authentication. The business appears to be a small-sized technology provider with a niche market in Croatia, founded in 2014, and maintains consistent branding with its parent company Konplast d.o.o. The website lacks public-facing content such as privacy or cookie policies and does not provide contact information on the login page, which limits transparency for external users.