Security Directory

B

Blumenfabrik Coworking & Eventspace GmbH

blumenfabrik.at

11

Blumenfabrik Coworking & Eventspace GmbH operates a sustainable coworking and event space located in Vienna, Austria. The company targets individuals and organizations interested in sustainability, climate protection, and community engagement. Their business model focuses on providing flexible workspaces and event venues with a strong emphasis on environmental friendliness and social inclusivity. The website reflects a niche market position with a clear community and sustainability focus, supported by professional content and branding.

The domain cool-shop.eu is registered with Gransy s.r.o., a known registrar company. However, the website content is completely inaccessible, returning a 404 Not Found error with no additional content, metadata, or business information. This indicates that the website is either inactive, misconfigured, or under development. Due to the lack of accessible content, no meaningful business description, services, or target audience can be identified. The technical infrastructure is minimal, with only an nginx 1.26.1 server identified, and no CMS or frameworks detected. Security posture is poor, with no HTTPS or security headers observed, and no privacy or cookie policies present. Overall, the website is not operational for end users and lacks any trust or credibility indicators.

L

Swiss Gaming and Esports Hub: Festivals, Collaboration, and Competitive Insights

ludicious.ch

9

The website ludicious.ch serves as a niche media platform dedicated to the Swiss gaming and esports community. It provides news, festival coverage, and insights into the growth of esports and international collaboration within Switzerland's gaming industry. The target audience includes game developers, esports enthusiasts, and industry professionals interested in Swiss gaming culture. Technically, the site is built on WordPress with common plugins such as Yoast SEO and uses jQuery and Font Awesome for UI elements. The site is mobile optimized and has good SEO practices but lacks advanced accessibility features. Security-wise, the site uses HTTPS but lacks security headers and formal security policies, which could be improved. Privacy compliance is minimal, with no visible privacy or cookie policies or consent mechanisms. Contact is available only through a contact form, with no direct emails or phone numbers published. Overall, the site is professional and relevant but would benefit from enhanced security and privacy compliance measures.

S

Slovenia Games

sloveniagames.com

63

Slovenia Games Conference is a well-established annual event focused on the game development industry in Slovenia, attracting local and international professionals including programmers, artists, designers, and business leaders. The conference offers educational tracks, an indie expo, and networking opportunities, positioning itself as the largest games industry event in Slovenia. The website is built on WordPress with WooCommerce and uses common marketing and analytics tools such as Google Analytics, Facebook Pixel, and LinkedIn Insight Tag. Hosting is via Amazon AWS nameservers, indicating a reliable infrastructure. Security posture is moderate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Contact information is limited to an official email address. Overall, the site is professional, content-rich, and trustworthy but could improve in security and privacy transparency.

G

Game Lab Graz

gamelabgraz.com

42

Game Lab Graz is an academic research group led by Johanna Pirker, focusing on exploring the full potential of video games through designing and researching virtual, engaging, and immersive experiences. The website serves as a platform to showcase projects, publications, courses, and team information related to game design and virtual reality. The target audience primarily includes students, researchers, and professionals interested in game development and immersive technologies. The business model is centered around education and research within the academic sector, positioning itself as a niche player in the field of game design and virtual reality research. Technically, the website is built on WordPress CMS with Elementor page builder and uses common web technologies such as jQuery, Bootstrap grid, and FontAwesome icons. Hosting appears to be provided by Alfahosting based on DNS nameservers. The site demonstrates moderate performance and good mobile optimization, with basic accessibility and SEO features. The design is professional and consistent with academic branding, providing a good user experience and clear navigation. From a security perspective, the site uses HTTPS with a good SSL configuration but lacks DNSSEC and security headers such as Content-Security-Policy or X-Frame-Options. No exposed sensitive data or vulnerable libraries were detected. However, the absence of privacy and cookie policies indicates compliance gaps with GDPR and other data protection regulations. No incident response or security contact information is provided, which could be improved to enhance trust and readiness. Overall, the website is trustworthy and professionally maintained, with a strong academic focus. The main risks relate to privacy compliance and security best practices, which should be addressed to improve the security posture and regulatory adherence. Strategic recommendations include implementing privacy and cookie policies, enabling DNSSEC, adding security headers, and providing clear contact information for security incidents.

S

SUBOTRON

subotron.com

10

SUBOTRON is a Vienna-based platform dedicated to digital game culture, focusing on organizing events such as talks, panels, and workshops, as well as providing news and networking opportunities for indie game developers and enthusiasts. The website positions itself as a niche community hub for Austrian and international digital game culture, with a history dating back to 2002. The business model appears to be community-oriented, possibly non-profit, emphasizing cultural and educational activities in the gaming sector. Technically, the website is built on WordPress using the Divi theme, incorporating modern web technologies such as jQuery, Google reCAPTCHA v3 for spam protection, and FontAwesome for icons. The site demonstrates moderate performance and good mobile optimization, though accessibility features are basic. SEO practices are adequately implemented with proper meta tags and structured navigation. From a security perspective, the site enforces HTTPS and uses reCAPTCHA to protect forms. However, it lacks DNSSEC, security headers, and published security policies or incident response contacts. No privacy or cookie policies were found, indicating gaps in compliance with GDPR and related regulations. The domain is well-established with consistent WHOIS data, enhancing trustworthiness. Overall, SUBOTRON presents a professional and trustworthy online presence with solid business credibility and technical implementation. The main areas for improvement include enhancing privacy compliance, implementing security best practices such as DNSSEC and security headers, and publishing clear policies to improve user trust and regulatory adherence.

Nuki Home Solutions GmbH is an Austrian technology company specializing in innovative smart lock solutions designed for easy retrofitting. The company has established a strong market position in Europe by offering a range of smart locks and accessories that integrate seamlessly with major smart home platforms. Their business model focuses on direct consumer sales and business reseller partnerships, supported by a comprehensive digital presence including mobile apps and web management tools. Technically, the website is built on modern frameworks such as Next.js and React, with robust analytics and marketing integrations, ensuring a fast, mobile-optimized, and accessible user experience. Security-wise, the site enforces HTTPS, employs standard security headers, and maintains good privacy compliance with clear policies and consent mechanisms. However, there is room for improvement in publishing explicit security policies and incident response information. Overall, the domain registration and website content are consistent and trustworthy, reflecting a mature and professional business entity.

S

Spektral

spektral.at

10

Spektral is a small non-profit community and cultural space based in Graz, Austria, providing an open space for social and cultural activities. The organization is currently engaged in a crowdfunding and crowdlending campaign to purchase their premises to secure long-term operation and independence. The website reflects a community-driven approach with active engagement through events, media, and social channels. Technically, the site is built on WordPress using a responsive theme and common plugins for media playback and event calendars, offering a moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced and basic protections like Akismet for spam, but lacks advanced security headers and explicit incident response information. Privacy compliance is partially met with a comprehensive privacy policy but missing cookie consent mechanisms. Overall, the site is trustworthy and professional, with clear contact information and partner affiliations, but could improve in security and privacy transparency.

S

SSI SCHÄFER Gruppe

ssi-schaefer.com

10

SSI SCHÄFER Gruppe is a globally operating enterprise specializing in modular warehouse and logistics systems, software solutions, and comprehensive intralogistics services. The company positions itself as a worldwide leader in intralogistics, offering innovative technologies and software to enhance efficiency and sustainability in warehousing, order picking, and transport processes. Their business model focuses on B2B engagements across multiple industries, providing tailored solutions for various market segments. The website reflects a mature digital presence with professional design, multilingual support, and extensive content covering products, services, corporate philosophy, and sustainability initiatives. Technically, the website employs modern JavaScript frameworks, Google Tag Manager for analytics, and Usercentrics for cookie consent management, ensuring compliance with privacy regulations. The site is mobile-optimized, accessible, and SEO-friendly, with embedded multimedia content enhancing user engagement. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though security headers could be improved and an incident response contact is absent. Overall, the website demonstrates a strong security and compliance stance suitable for an enterprise of its scale, with clear business credibility and trust indicators. The absence of WHOIS data suggests privacy protection, which is reasonable for a large corporation. Strategic recommendations include enhancing security headers, publishing a vulnerability disclosure policy, and providing explicit incident response contacts to further strengthen trust and security transparency.

M

Mi'pu'mi Games GmbH

mipumi.com

10

Mi'pu'mi Games GmbH is an independent video game development company based in Vienna, Austria, founded in 2008. The company focuses on creating indie games and collaborating with notable clients in the gaming industry such as IO Interactive, Remedy Entertainment, and Ubisoft. Their website reflects a professional and consistent brand image targeting gamers, indie developers, and potential employees. The business model centers on game development services and client partnerships within the technology sector. Technically, the website is built using the Hugo static site generator, leveraging modern web technologies and a cookie consent mechanism to comply with basic privacy standards. Hosting is provided by World4You Internet Services GmbH, an Austrian provider consistent with the company's location. Security posture is moderate with HTTPS enabled but lacking advanced security headers and DNSSEC. Privacy compliance is partial, with a cookie policy present but no privacy policy or terms of service found. No contact emails or phone numbers are explicitly listed, which may impact user trust and support accessibility. Overall, the website is well designed, mobile optimized, and SEO friendly, but could improve in security and compliance documentation.

H

HochschülerInnenschaft an der TU Graz (HTU Graz)

htugraz.at

56

HTU Graz serves as the official student representation body at the Technical University of Graz, Austria. It advocates for student interests, provides various support services, and organizes events with a large volunteer base. The organization is well integrated within the university ecosystem and collaborates with multiple student unions and partners. The website is built on TYPO3 CMS with Bootstrap, offering a professional and accessible user experience. Security posture is solid with HTTPS and cookie consent mechanisms, though it lacks advanced security headers and formal incident response disclosures. Overall, the site reflects a trustworthy and credible non-profit educational entity.

R

Rarebyte GmbH

rarebyte.com

50

Rarebyte GmbH is a small, established game development studio based in Austria with over 19 years of experience and more than 25 released titles. The company focuses on multiplatform game development, including PC, consoles, and mobile platforms, and collaborates with known publishers such as Headup Games and Greenheart Games. Their website reflects a professional and consistent brand image targeting gamers and industry partners. Technically, the site uses standard web technologies including HTML5, CSS3, JavaScript, and integrates Google Analytics and cookie consent mechanisms, indicating a moderate level of digital maturity. Security posture is moderate with some best practices like domain transfer protection and cookie consent but lacks advanced security headers and DNSSEC. Privacy compliance is basic with a privacy policy and cookie banner but no explicit GDPR statements or terms of service. Overall, the website is trustworthy and well-maintained, supporting the company's credibility in the gaming industry.

N

Nase Media a.s.

parlamentnilisty.cz

10

ParlamentniListy.cz is a well-established Czech political news and commentary website operated by Nase Media a.s. It offers a broad range of political news, interviews, opinion pieces, and profiles of politicians and institutions. The site targets Czech-speaking audiences interested in politics and current affairs, leveraging advertising and subscription models for revenue. Technically, the site employs modern web technologies including Google services for ads and analytics, Facebook SDK, and a consent management platform to ensure GDPR compliance. The website is mobile-optimized and structured for SEO with JSON-LD data. Security-wise, the site enforces HTTPS and uses reCAPTCHA to mitigate bots, but lacks explicit security headers and published security policies. Overall, the site is professional, trustworthy, and compliant with privacy regulations, though WHOIS data is unavailable, likely due to privacy protection.

T

TJ Spartak Hořovice, z.s.

plavanihorovice.cz

47

TJ Spartak Hořovice is a local Czech sports club specializing in swimming and modern pentathlon. The website serves as an information hub for club members and the local community, providing event calendars, news updates, photo galleries, and training schedules. The club operates as a non-profit entity, focusing on youth and amateur sports activities in the Hořovice region. The site is well maintained with consistent branding and relevant content for its target audience. Technically, the website is built on Joomla CMS with supporting frameworks such as Bootstrap and UIkit, leveraging jQuery and Google Fonts for enhanced user experience. The site is mobile optimized and includes a cookie consent mechanism, reflecting a moderate level of digital maturity. Performance is moderate with room for improvement in accessibility and SEO. From a security perspective, the site uses HTTPS but lacks several important security headers like Content-Security-Policy and HSTS, which could enhance protection against common web threats. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic, with a cookie consent banner present but no explicit privacy policy or terms of service pages found. Overall, the website presents a moderate risk profile with good business credibility but could benefit from improved security practices and enhanced privacy documentation. Strategic recommendations include implementing security headers, publishing a comprehensive privacy policy, and maintaining up-to-date software to mitigate potential risks.

M

Masáže Hořovice Martin Crk

masaze-martincrk.cz

37

Masáže Hořovice Martin Crk is a small local business providing massage and wellness services in the Czech Republic. The website presents a professional and clean design with clear contact information and a focus on natural massage oils and stress relief. The business is relatively new, founded in 2022, and targets general consumers seeking relaxation and physical well-being. The site uses WordPress CMS with common plugins such as Yoast SEO and jQuery, indicating a standard modern web infrastructure. Performance and mobile optimization are adequate, though accessibility features are basic. Security posture is good with HTTPS enabled and no visible vulnerabilities, but lacks advanced security headers and formal security policies. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the website is trustworthy for its business purpose but would benefit from enhanced privacy and security practices.

2

2Racing autodíly nejen pro rally, tuning, motorsport

2racing.cz

41

2Racing.cz is a Czech Republic-based e-commerce website specializing in the sale of automotive parts focused on racing, rally, and tuning enthusiasts. The site offers a wide range of products including racing seats, suspension components, filters, and accessories from reputable brands such as Strongflex, Koni, Sparco, and others. The business targets motorsport hobbyists and professionals seeking specialized car parts. The website is professionally designed with clear navigation and product categorization by car brand and year, supporting a good user experience.

H

HMS Stavby

hms-stavby.cz

37

HMS Stavby is a small construction company based in the Czech Republic, operating since 2012. The website presents basic information about the business and its services, targeting a general audience interested in building and construction. The site is built on WordPress using the Divi theme, with standard web technologies such as jQuery and Google Fonts. The hosting provider is WEDOS, consistent with the Czech location. The website has basic mobile optimization and moderate performance but lacks advanced SEO and accessibility features. Security posture is moderate with HTTPS enabled but no security headers detected and an expired domain status which poses a risk. Privacy compliance is minimal with no privacy policy or terms of service found, though a cookie consent mechanism is implemented. Overall, the site is functional but lacks comprehensive security and compliance measures.

A

AutoTužil

autotuzil.cz

54

AutoTužil is a small automotive service provider based in the Czech Republic offering a wide range of vehicle repair and maintenance services including nonstop auto repair, air conditioning servicing, diagnostics, and sale of auto accessories. The website is professionally designed with clear navigation and good mobile optimization, targeting vehicle owners in the local region. The business appears well-established with a founding year of 2004 indicated in the footer, although domain registration details are unavailable, which introduces some uncertainty about domain legitimacy. Technically, the site uses modern frontend libraries such as Bootstrap and jQuery, and integrates Google Analytics and Tag Manager for user tracking. Security posture is moderate with HTTPS enabled but lacking security headers and a privacy policy, which are recommended for compliance and trust. Overall, the website is functional and trustworthy for its business purpose but would benefit from improved transparency and security practices.

L

Látky Wiedrman levná podšívka tyl a šusťák

latky-wiedrman.cz

44

The website www.latky-wiedrman.cz appears to be a retail business specializing in selling fabrics and related materials such as linings, tulle, organza, and elastic satin primarily targeting customers in the Czech Republic. However, the site content is fully restricted behind a password form, limiting public access and visibility into the full scope of their offerings and business details. The lack of publicly accessible content and absence of WHOIS registration data reduces transparency and trustworthiness. Technically, the site uses Matomo analytics and Google Fonts but lacks visible security headers and privacy compliance mechanisms. The overall security posture is minimal with no clear evidence of GDPR compliance or incident response readiness. The restricted access may be justified for business confidentiality but significantly impacts the ability to assess the website's quality and security comprehensively.

J

JAN VLČEK

vlcek-stavby.cz

39

Jan Vlček operates as an authorized builder and member of the Chamber of Authorized Engineers and Technicians in Construction, providing construction management and project services primarily in the Czech Republic. The business targets individuals and companies seeking professional construction oversight and authorized building services, with a focus on civil, residential, and industrial projects. The website reflects a small, local service provider with over 30 years of industry experience, supported by professional certifications and clear contact information. Technically, the website is built on WordPress using common plugins such as Contact Form 7 and Revolution Slider. It employs jQuery 1.7.2 and Google Maps API for functionality. The site shows moderate performance and basic mobile optimization but uses outdated JavaScript libraries and lacks advanced SEO and accessibility features. No analytics or tracking services are detected, indicating minimal user tracking. From a security perspective, the site uses HTTPS but lacks important security headers like Content-Security-Policy and Strict-Transport-Security. The use of outdated libraries presents potential vulnerabilities. No privacy or cookie policies are present, indicating compliance gaps with GDPR and related regulations. Contact information is clearly provided, but no incident response or security policies are visible. Overall, the website is functional and moderately professional but requires improvements in security, privacy compliance, and technical modernization to enhance trustworthiness and protect user data effectively.

TAC-TAC agency s.r.o. is a small Czech advertising company specializing in promotional products and client advertising services. The website presents basic information about the company and its offerings, targeting businesses seeking advertising solutions. The company has been established since 2000, indicating a stable presence in the local market. The website uses SuitableCMS and is hosted by Wedos, with integrations of common marketing and analytics tools such as Google Analytics, Google Tag Manager, Hotjar, and Google reCAPTCHA for bot protection. From a technical perspective, the website employs older technologies such as jQuery 1.7.2, which is outdated and poses security risks. The site lacks modern security headers and visible privacy or cookie policies, indicating compliance gaps with GDPR and other privacy regulations. The website is accessible without WAF or blocking mechanisms, but the security posture is moderate due to missing best practices and outdated libraries. Security-wise, the site uses HTTPS (implied by origin-trial meta tag referencing HTTPS Google services) and reCAPTCHA, but lacks explicit security headers and incident response information. No vulnerabilities such as exposed credentials or SQL injection are visible, but the outdated jQuery version is a concern. Contact information is minimal but present, with a company email and phone number displayed. Overall, the website scores moderately on AI evaluation with strengths in business credibility and basic technical implementation but weaknesses in privacy compliance and security best practices. Strategic improvements in updating technology, adding privacy and cookie policies, and enhancing security headers would significantly improve the site's security posture and compliance.

ČESKOMORAVSKÝ POHÁR RALLYE (ČMPR) operates as an organizer and promoter of rally competitions primarily targeting motorsport enthusiasts in the Czech Republic. The website serves as the official platform for event calendars, results, rules, and news related to the rally cup. The business is positioned as a niche regional motorsport event organizer with a small organizational size and a history dating back to 2010. The site content is primarily in Czech and focuses on rally event information and community engagement via social media channels such as Facebook and YouTube. Technically, the website is built on WordPress using the Blocksy theme and leverages common web technologies including jQuery, Yoast SEO for search optimization, Google reCAPTCHA v3 for form security, and Swiper.js for UI components. Hosting appears to be provided by a Czech hosting provider (cesky-hosting.eu). The site demonstrates moderate performance and good mobile optimization, with basic accessibility features and good SEO practices. From a security perspective, the site enforces HTTPS and integrates Google reCAPTCHA to protect forms from abuse. However, it lacks visible security headers and does not publish security policies or incident response contacts. Privacy and cookie policies are absent, indicating gaps in compliance with GDPR and related regulations. No vulnerabilities or exposed sensitive data were detected in the analysis. Overall, the website presents a professional and trustworthy front for its business purpose but would benefit from enhanced privacy compliance, security policy transparency, and improved contact information availability to strengthen user trust and regulatory adherence.

N

Northstar Travel Media LLC

phocuswrighteurope.com

63

Phocuswright Europe is a prominent travel and technology conference organized by Northstar Travel Media LLC, targeting top executives, innovators, and influencers in the travel industry. The website promotes the 2026 event in Barcelona, Spain, offering professional development, networking, and insights into travel technology trends. The business holds a strong market position as a leading European travel tech event with a medium-sized organizational footprint. Technically, the site employs modern web technologies including Bootstrap, jQuery, and advanced analytics tools such as Google Analytics, Google Tag Manager, RudderStack, and Intercom, indicating a mature digital infrastructure. The website is well-optimized for mobile and accessibility, with good SEO practices and professional design. Security posture is solid with HTTPS, security headers, and secure forms, though explicit security policies and incident response contacts are not published. Privacy compliance is good, with clear privacy and cookie policies and consent mechanisms in place. However, the WHOIS data for the domain is missing or unavailable, which raises concerns about domain registration legitimacy despite the professional site presence. Overall, the site is trustworthy and professional but would benefit from clarifying domain registration and publishing security policies.

C

CENDIS, s.p.

cendis.cz

62

CENDIS, s.p. is a Czech government-related entity specializing in transportation information systems under the Ministry of Transport of the Czech Republic. The organization provides key ICT solutions and services such as electronic highway vignettes, unified railway tickets, electronic toll supervision, and various training and certification programs. Their target audience includes drivers, transport operators, public transport passengers, and government officials. The website reflects a professional and consistent brand image with a focus on transparency and public service. Technically, the site is built on WordPress using Elementor and Smart Slider 3, with Google Analytics integrated for visitor tracking. The site is mobile-optimized and offers good navigation and content relevance. Security posture is adequate with HTTPS and cookie consent mechanisms, but lacks some advanced security headers and explicit incident response contacts. WHOIS data is missing, which reduces domain trustworthiness, but the official nature of the site and linked government registries support legitimacy. Overall, the site is a reliable source of transportation ICT information and services in the Czech Republic.

B

BKV – Interessengemeinschaft Betriebliche Krankenversicherung e. V.

bkk-kampagne-2019.de

42

The website 'bkk-kampagne-2019.de' represents a health awareness campaign by the BKV – Interessengemeinschaft Betriebliche Krankenversicherung e. V., focusing on promoting healthy sleep habits. It provides educational content, tips, and resources related to sleep health, targeting the general German-speaking public. The campaign is positioned as a niche, non-profit initiative within the healthcare sector, with a clear and consistent branding approach. The website content is well-structured, professionally designed, and offers multilingual support (German and English). Technically, the site is built on WordPress, leveraging caching and minification plugins to optimize performance. It uses HTTPS with a good SSL configuration, but lacks some security headers and cookie consent mechanisms, which are recommended for enhanced compliance and security. No forms or data collection mechanisms are visible on the homepage, reducing privacy risks. Contact information is clearly provided, including a verified organizational email and physical address in Berlin. No suspicious or malicious indicators were found, and the domain appears legitimate and appropriate for the campaign's history and purpose.

PINK LEMON is a small, established marketing and design agency based in Vaduz, Liechtenstein, offering services including marketing, corporate design, graphic design, and web design. The company targets businesses and organizations in Vaduz and surrounding regions, positioning itself as a trusted partner with over 11 years of experience. The website is professionally designed, content-rich, and consistent with the company's branding and market positioning. Technically, the website is built on the Contao Open Source CMS using the Foundation framework and standard JavaScript libraries. It demonstrates good mobile optimization and SEO practices, with moderate performance. The site uses HTTPS with an excellent SSL configuration but lacks advanced security headers. Privacy compliance is addressed through a privacy policy and a cookie consent banner, with minimal user tracking limited to newsletter subscriptions. From a security perspective, the website shows a solid baseline with HTTPS and cookie consent but could improve by implementing security headers and publishing incident response or vulnerability disclosure policies. No vulnerabilities or suspicious activities were detected. Overall, the site is trustworthy and professionally maintained. The risk assessment is low, with no critical issues found. Strategic recommendations include enhancing security headers, adding incident response information, and expanding privacy and security disclosures to further strengthen trust and compliance.

N

NIVEA

nivea.cz

61

NIVEA.cz is the Czech Republic localized website for the globally recognized skincare brand NIVEA, owned by Beiersdorf AG. The site offers a comprehensive catalog of skincare and cosmetic products, along with tips and advice for skin and body care. The website targets general consumers interested in personal care products and maintains a strong brand presence consistent with NIVEA's global identity. Technically, the site is built on the Sitecore CMS platform, employs modern web technologies, and integrates multiple analytics and marketing tools such as Google Analytics, Google Tag Manager, and Consent Manager for GDPR compliance. The site is mobile-optimized and provides a professional user experience with clear navigation and rich content. Security-wise, the website enforces HTTPS, uses standard security headers, and implements cookie consent mechanisms, reflecting a mature security posture. However, it lacks publicly available explicit security policies and incident response contacts, which could be improved. The domain WHOIS data is unavailable, likely due to registry policies, which slightly reduces transparency but does not detract significantly from the site's legitimacy given the brand's reputation. Overall, the website is well-maintained, secure, and compliant with privacy regulations, serving as a reliable digital presence for NIVEA in the Czech market.

N

Nadační fond Flaminia

nfflaminia.cz

55

Nadační fond Flaminia is a Czech non-profit foundation established in 2007, dedicated to supporting mental health and psychological wellbeing projects for children and youth. The organization collaborates with various partner projects and runs awareness campaigns to promote mental health care as equally important as physical health. Their website reflects a professional and consistent brand image, providing clear contact information and detailed descriptions of their initiatives and supported projects. Technically, the website uses modern web technologies including Bootstrap, jQuery, FontAwesome, and Google Fonts, with good mobile optimization and SEO practices. The site is accessible and well-structured, though it uses multiple versions of Bootstrap and jQuery which could be streamlined. No CMS or hosting provider details were detected. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data, but lacks important security headers and privacy/cookie policies, which are compliance gaps. No WHOIS data was found for the domain, which reduces trustworthiness and raises questions about domain registration legitimacy. No analytics or tracking scripts were detected, indicating minimal user tracking. Overall, the site is trustworthy and professional in content and presentation but would benefit from improved privacy compliance and security hardening. The lack of WHOIS data is a notable concern that should be investigated further.

Q

Qminers

qminers.com

50

Qminers is a specialized software development company focused on algorithmic trading, providing a Central European hub for top-tier professionals in quantitative finance and technology. The company emphasizes improving global markets through advanced software solutions and a meritocratic, knowledge-sharing culture. Their website reflects a professional and consistent brand image, targeting expert audiences in finance and technology sectors. Technically, the site uses modern web technologies with embedded video content and is hosted by a reputable provider. Security posture is adequate with HTTPS enabled but lacks advanced security headers and published policies. Privacy compliance is limited, with no privacy or terms of service pages found, though a cookie consent banner is present. Overall, the site is safe, professional, and trustworthy but could improve in compliance and security transparency.

C

Crestyl

crestyl.com

50

Crestyl is a well-established real estate development company based in the Czech Republic, specializing in multi-sector projects including residential, office, and retail properties. The company positions itself as a market leader with a strong portfolio and multiple industry awards, reflecting its prominence and credibility in the real estate sector. The website content is professionally presented, targeting investors, tenants, and clients interested in high-quality real estate developments. Technically, the website employs modern JavaScript libraries such as jQuery and Leaflet, integrates Google Analytics and Tag Manager for tracking, and implements a granular cookie consent mechanism, indicating a moderate level of digital maturity. Security-wise, the site uses HTTPS and cookie consent but lacks visible security headers and published security policies, suggesting room for improvement in security posture and compliance documentation. Overall, the website is accessible, well-branded, and trustworthy, though it would benefit from enhanced privacy and security disclosures to align with best practices.

C

Cesta z krize, z.ú.

linkapsychickepomoci.cz

48

The website linkapsychickepomoci.cz represents a non-profit organization named Cesta z krize, z.ú., providing free, anonymous, and 24/7 psychological crisis support services primarily to adults in the Czech Republic. The service offers telephone and chat support to individuals facing acute psychological distress or crisis situations. The organization is government co-financed and partners with other NGOs, positioning itself as a trusted social service provider in the mental health support sector. Technically, the website employs modern web technologies including Google Tag Manager, Cookiebot for cookie consent management, and Smartsupp for live chat functionality. The site is hosted by Active24 and demonstrates moderate performance with good mobile optimization and basic accessibility features. SEO and metadata are present but could be enhanced for better discoverability. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms, but lacks visible security headers and explicit security policies. No vulnerabilities or exposed sensitive data were detected in the HTML content. The absence of a privacy policy and terms of service pages, as well as no security.txt file, indicates areas for compliance and security improvement. Overall, the website is safe, professional, and trustworthy, with a clear focus on mental health crisis support. Strategic recommendations include enhancing security headers, publishing comprehensive privacy and terms policies, and improving accessibility compliance to strengthen user trust and regulatory adherence.

C

Cesta z krize, z.ú.

linkaztracenedite.cz

49

The website 'Linka pro rodinu a školu' is a Czech non-profit social service platform operated by 'Cesta z krize, z.ú.' focused on supporting families, children, and adults in crisis situations, particularly related to missing children and school or family problems. It offers telephone crisis intervention, online chat support, and professional counseling, positioning itself as a trusted and officially recognized service with backing from national and European institutions. The site targets a broad audience including families, educators, and the general public. Technically, the website employs modern web technologies such as Google Tag Manager and Cookiebot for consent management, with a moderate performance profile and good mobile optimization. Hosting is provided by Active24, consistent with the domain registration data. The site implements a comprehensive cookie consent mechanism with granular user controls, reflecting a good level of privacy compliance, although explicit privacy policy and terms of service pages are not clearly found in the provided content. From a security perspective, the site uses HTTPS (implied by external scripts loaded via HTTPS), but no explicit security headers or advanced security policies are evident in the HTML content. No vulnerabilities or exposed sensitive data were detected. The WHOIS data is transparent and consistent with the organization's profile, indicating a legitimate and stable domain registration. Overall, the website demonstrates a solid risk posture with good privacy compliance and business credibility. Recommendations include enhancing security headers, publishing explicit security and incident response policies, and improving accessibility features to further strengthen the site's security and compliance posture.

The website cookie-bar.com is a parked domain page hosted and managed by GoDaddy.com, LLC. It does not contain any active business content, services, or products. The page primarily serves as a placeholder indicating the domain is available for purchase or is reserved by GoDaddy. The presence of a Trustpilot widget referencing GoDaddy.com reinforces the domain parking nature. The target audience is domain investors or buyers rather than end consumers. Technically, the site uses modern JavaScript and CSS assets served by GoDaddy's parking platform, with basic mobile optimization and fast loading times. However, the site lacks SEO optimization and accessibility features. Security posture is minimal with no detected security headers or DNSSEC enabled, though the domain is locked against unauthorized transfers or deletions. Privacy compliance is limited to a link to GoDaddy's global privacy policy, with no cookie consent mechanism or GDPR-specific disclosures on the domain itself. Overall, the site is low risk but offers minimal value beyond domain parking.

G

Grizzly Ads

grizzlyads.com

57

Grizzly Ads is a technology startup offering an ad booking and management platform targeted at creative businesses and content creators. The platform is currently in beta, focusing on enabling creators to sell ad slots directly to sponsors with unlimited bookings and direct payments. The website reflects this early stage with clear but limited content and a focus on onboarding beta users. Technically, the site is built on the Bubble.io platform, leveraging modern JavaScript libraries and cloud hosting via AWS Cloudfront CDN. The site demonstrates moderate performance and good mobile optimization but lacks advanced SEO and accessibility features. The technical infrastructure is adequate for a startup but could benefit from enhanced security configurations. From a security perspective, the site uses HTTPS and has domain transfer protections but lacks DNSSEC and important security headers. There are no visible incident response or security policies, and cookie consent mechanisms are absent. Analytics usage is minimal, relying on plausible.io, which is privacy-focused. Overall, the security posture is moderate but requires improvements to meet best practices. The overall risk is moderate given the startup nature and limited exposure. Strategic recommendations include enabling DNSSEC, implementing security headers, adding cookie consent and privacy enhancements, and publishing incident response contacts to improve trust and compliance.

D

DreamHost

dreamhost.com

67

DreamHost is a well-established web hosting and domain registration provider offering a variety of services including managed WordPress hosting and business email solutions. The company targets small to medium businesses, developers, and enterprises seeking reliable hosting with a 100% uptime guarantee and 24/7 support. Their market position is strong within the technology sector, emphasizing growth and customer service. Technically, the website leverages modern frameworks such as React and Gatsby, ensuring fast performance, mobile optimization, and good accessibility. Integration of Google Tag Manager and OneTrust for cookie consent reflects a mature digital infrastructure. The site is hosted likely on DreamHost's own infrastructure or CDN, with excellent SSL and security headers implemented. From a security perspective, DreamHost demonstrates good practices including HTTPS enforcement, security headers, and captcha on forms. However, explicit security policies, incident response details, and vulnerability disclosure programs are not publicly available, which could be improved to enhance transparency and trust. Overall, the website is professional, trustworthy, and compliant with privacy regulations such as GDPR. The lack of WHOIS data transparency slightly impacts trust but is likely due to privacy protection or query limitations. Strategic recommendations include publishing detailed security policies and establishing a vulnerability disclosure program to further strengthen security posture.

Z

zGoat

zgo.at

54

The website zgo.at, titled 'zGoat', serves as a personal repository and showcase for Go programming language packages and tools developed by the owner. It primarily targets Go developers seeking open source libraries and utilities, offering a variety of applications and libraries with links to GitHub and GoDoc documentation. The business model is centered on open source software distribution, with no commercial or enterprise presence indicated. Technically, the site is simple, fast-loading, and mobile-optimized, using standard web technologies and a privacy-focused analytics service (GoatCounter). However, it lacks formal privacy, cookie, or terms of service policies, and does not provide contact or security incident information. Security posture is basic, with no detected security headers or advanced protections, but no vulnerabilities or malicious content were found. Overall, the site is a legitimate, small-scale developer project with moderate trustworthiness but could improve compliance and security transparency.

Patio.coop is a global network of worker-owned tech cooperatives specializing in software development, communication, and design services. The cooperative model emphasizes democratic ownership and international collaboration, with over 80 cooperatives and 1500 cooperators across 24+ countries. The website presents a professional and consistent brand image targeting organizations and individuals interested in cooperative technology solutions. Technically, the site leverages modern JavaScript libraries such as Three.js and D3 for interactive globe visualizations, and uses standard web technologies including CSS3 and HTML5. Hosting and DNS are managed via NS1 DNS servers, indicating a reliable infrastructure. Security posture is moderate; domain registration includes transfer prohibitions, but lacks DNSSEC and security headers. No privacy or cookie policies are present, and contact is limited to a web form without direct emails or phone numbers. Social media presence is strong and aligned with the cooperative identity. Overall, the site is safe, professional, and functional but could improve in privacy compliance and security best practices.

The website at scantrade.com/lander is currently a minimal landing or parking page with very limited content. It primarily serves advertisements via Google Adsense and does not provide any meaningful business information, contact details, or policies. The domain is registered with GoDaddy.com, LLC and has been active since 2003, indicating a long-standing registration. However, the website itself does not reflect an active or mature business presence. Technically, the site uses JavaScript and CSS loaded from a third-party parking service domain, with no detected CMS or advanced frameworks. Security posture is basic with no DNSSEC enabled and no security headers detected. Privacy and compliance policies are absent, and no contact or incident response information is provided. Overall, the site appears to be a placeholder rather than an operational business website.

S

Startup Tech Valley

startuptechvalley.org

59

Startup Tech Valley is a small event organization focused on fostering the startup ecosystem in the Capital Region of the United States. They organize premier startup events featuring pitches, networking, and community engagement, targeting entrepreneurs, investors, and business leaders. The website is professionally designed using Squarespace, with good mobile optimization and moderate performance. Social media presence is strong, supporting community outreach and event promotion. Security posture is good with HTTPS and HSTS enabled, and Google reCAPTCHA implemented to protect forms. However, the absence of privacy and cookie policies, lack of explicit contact information, and missing WHOIS data reduce overall trust and privacy compliance. The domain's legitimacy is partially uncertain due to unavailable WHOIS records, though the website content and external event registration links suggest a legitimate business. Strategic improvements in privacy compliance, security headers, and transparency would enhance trust and compliance.

A

assemblag.es

assemblag.es

10

assemblag.es operates as a niche Mastodon instance dedicated to individuals interested in creative and critical discussions about technology. The platform emphasizes a strong community code of conduct and privacy awareness, positioning itself as a thoughtful and moderated decentralized social media environment. The service is small-scale but maintains a clear focus on its target audience, leveraging the Mastodon and Hometown software stack to deliver its offerings. The website content is well-organized and professional, with clear administrative contact details and policies, although some standard compliance elements like cookie consent are missing. Technically, assemblag.es uses modern open-source technologies including Mastodon version 4.2.17 with the Hometown frontend, hosted via a CDN provider. The site is mobile-optimized and provides a good user experience, though accessibility and SEO optimizations are basic. Security posture is moderate with HTTPS implied but lacking explicit security headers and published security policies. The absence of WHOIS data due to registrar restrictions limits external verification of domain legitimacy, but the site content and operational transparency support trustworthiness. Security-wise, the platform enforces a strict code of conduct and privacy policy, but lacks formal incident response and vulnerability disclosure mechanisms. No tracking or advertising is present, enhancing privacy. The overall risk is moderate, with recommendations to improve security headers, cookie consent, and publish explicit security policies to strengthen compliance and user trust. Strategically, assemblag.es should focus on enhancing its security posture and privacy compliance to maintain and grow its user base in a competitive decentralized social media landscape.

L

Los Angeles Times

latimes.com

73

Los Angeles Times is a leading American daily newspaper with a strong digital presence, delivering news and information primarily focused on Los Angeles and California. The website demonstrates a mature technical infrastructure with a modern tech stack incorporating various advertising and analytics technologies. The site is well-optimized for performance, mobile responsiveness, and accessibility, reflecting a high level of digital maturity. Security posture is robust with HTTPS enforcement and multiple security headers, though public security policies and incident response information are not prominently available. The absence of WHOIS data is unusual but does not detract significantly from the site's legitimacy given its brand recognition and content quality. Overall, the site presents a low risk profile with recommendations to enhance transparency around security and privacy practices.

A

Ars Technica

arstechnica.com

11

Ars Technica is a well-established online media company specializing in technology news, reviews, and analysis since 1998. It targets technologists, IT professionals, and tech enthusiasts with comprehensive coverage of IT, AI, science, cybersecurity, and related fields. The website operates under the Condé Nast parent company, reflecting a large-scale media presence with a professional and consistent brand identity. Technically, the site leverages WordPress CMS, modern JavaScript libraries, and advanced analytics tools such as Google Tag Manager and Snowplow, hosted on AWS infrastructure. The site demonstrates excellent performance, mobile optimization, and SEO practices. Security-wise, Ars Technica enforces HTTPS, employs security headers, and restricts domain transfers, though it lacks DNSSEC and explicit security policies in the visible content. Privacy compliance is partially implemented with a consent management system but lacks visible privacy and cookie policies in the provided data. Overall, the site is trustworthy, professional, and safe for general audiences.

The website archive.li is a web archiving service that allows users to save and access snapshots of web pages. However, the content provided is a security check page requiring CAPTCHA completion before access, indicating the presence of a Web Application Firewall or bot mitigation system. This limits the ability to fully analyze the website's content, policies, and business information. The technical infrastructure includes the use of Google reCAPTCHA and is hosted on Hetzner Online GmbH's infrastructure. Security posture shows some best practices with CAPTCHA usage but lacks visible security headers and policies. Overall, the site is partially inaccessible, limiting trust and compliance assessments.

V

Virtuplex

virtuplex.space

63

Virtuplex operates the world's largest commercial virtual reality labs with locations in Dubai, Bratislava, and Prague. The company specializes in providing VR solutions that allow clients to experience and interact with buildings, products, and spaces before they are physically built. Their market position is strong, supported by over 100 projects and a diverse client base across industries such as real estate, urban planning, retail, manufacturing, and defense. The website reflects a mature digital presence with modern technologies and comprehensive service descriptions.

C

Cooperpress

golangweekly.com

10

Golang Weekly is a niche technology newsletter focused on the Go programming language, published by Cooperpress. It targets developers and enthusiasts interested in Go, providing weekly curated content and an RSS feed. The business model centers on subscription-based newsletter distribution, with a long-standing presence since 2012, indicating stable market positioning within its niche. The website branding is consistent and professional, supporting trust and engagement within its target audience. Technically, the website employs modern web technologies including Google Analytics, Google Tag Manager, and Cloudflare Turnstile CAPTCHA for form security. DNS hosting is managed via DNSimple, and the site uses standard HTML5, CSS, and JavaScript. Mobile optimization and SEO practices are good, though accessibility is basic. Performance is moderate, with no major technical debt or CMS detected. From a security perspective, the site uses HTTPS (implied by Google Analytics and Turnstile usage), includes CSRF protection on forms, and employs CAPTCHA to mitigate spam. However, DNSSEC is not enabled, and no explicit security headers or incident response policies are published. Privacy compliance is partially addressed with clear privacy and GDPR policies, but no cookie consent mechanism is present despite tracking scripts. No vulnerabilities or suspicious content were detected. Overall, the website presents a low-risk profile with good business credibility and technical implementation. Strategic improvements in security headers, cookie consent, and incident response transparency would enhance its security posture and compliance maturity.

Z

ZDNET

zdnet.com

11

ZDNET is a well-established technology news and professional advice platform, serving IT professionals and business decision makers globally. As part of Ziff Davis, it holds a strong market position with a comprehensive offering of technology news, product reviews, and industry analysis. The website demonstrates a mature digital infrastructure leveraging modern JavaScript frameworks, advanced analytics, and advertising technologies. Security posture is robust with HTTPS enforcement, security headers, and privacy compliance mechanisms in place. No critical vulnerabilities or suspicious activities were detected. Overall, ZDNET presents a trustworthy and professional online presence with excellent content quality and user experience.

B

ByteDance

cloudwego.io

59

CloudWeGo is an open-source middleware platform primarily focused on enabling enterprise cloud-native architectures and microservices. Backed by ByteDance, it offers a suite of high-performance frameworks and tools such as Kitex, Hertz, and Volo, targeting developers and organizations building scalable microservices. The website reflects a mature, professional presence with clear branding and a focus on technology innovation. Technically, the site is built using modern static site generation (Hugo), with a tech stack including Go, Rust, JavaScript, and Bootstrap, delivering fast performance and good mobile optimization. Security posture is solid with HTTPS enforced and dedicated vulnerability reporting pages, though it lacks some security headers and formal privacy/cookie policies. Overall, the domain and website appear legitimate and trustworthy, with strong enterprise user endorsements and active community engagement via GitHub and Discord.

E

Ent Foundation

entgo.io

57

Ent Foundation operates the entgo.io website, which provides an open source entity framework (ORM) for the Go programming language. The website targets Go developers and software engineers seeking a powerful yet simple ORM solution. The project is positioned as a niche technology provider with a focus on schema modeling, graph traversal, and code generation. The business model is primarily open source with community and enterprise adoption. The website content is professional, well-structured, and supported by documentation and social media presence, indicating a mature digital footprint. Technically, the website uses modern web technologies including Docusaurus for documentation, JavaScript libraries like Clipboard.js, and Google Analytics for tracking. Hosting appears to be on AWS infrastructure, supported by AWS DNS servers. The site is performant, mobile-optimized, and SEO-friendly. However, some security best practices such as DNSSEC and security headers are missing, and no cookie consent mechanism is implemented despite the presence of a cookie policy. From a security perspective, the site enforces HTTPS and has domain transfer protections in place. No vulnerabilities or exposed sensitive data were detected. However, the absence of a published security policy, incident response contacts, and vulnerability disclosure reduces the overall security maturity. Privacy compliance is basic, with privacy and cookie policies linked to Facebook Open Source legal pages, but no explicit GDPR compliance statements or consent mechanisms. Overall, the website is trustworthy and professional with a strong business credibility score. The main risks relate to incomplete security and privacy practices. Strategic improvements in security headers, incident response transparency, and cookie consent would enhance the security posture and compliance. The domain registration data aligns well with the website content, supporting legitimacy and trustworthiness.