High-risk security reports

T

TOURTREND

chatyachalupy.cz

48

Chatyachalupy.cz is a well-established online platform specializing in the rental of holiday cottages and chalets primarily in the Czech Republic and Slovakia, with offerings extending to other European countries. The business operates as a traditional family company with over 35 years of market presence and a large customer base exceeding 1.7 million satisfied clients. Their service model focuses on providing a wide range of rental options, from luxury cottages with pools to affordable isolated cabins, supported by online booking and modern payment methods including QR code payments. The website is professionally designed, mobile-optimized, and provides clear navigation and contact information, enhancing user experience and trust. Technically, the website employs a modern technology stack including Google Tag Manager for analytics, Smartsupp for live chat support, and Smartlook for user session recording, indicating a mature digital infrastructure. The site uses Bootstrap for responsive design and Google Fonts for typography. Hosting is managed by REG-ACTIVE24, a Czech registrar, consistent with the business's regional focus. Performance is moderate with good SEO and basic accessibility features. From a security perspective, the site benefits from HTTPS encryption and uses reputable third-party scripts for analytics and customer interaction. However, it lacks explicit security headers and does not publicly disclose a security policy or incident response procedures. Privacy compliance is partially addressed with a comprehensive privacy policy, but the absence of a cookie consent mechanism suggests room for improvement in GDPR compliance. No vulnerability disclosure or security.txt files were found. Overall, the website presents a low-risk profile with strong business credibility and a good technical foundation. Strategic recommendations include implementing cookie consent banners, enhancing security headers, and publishing security and incident response policies to further strengthen trust and compliance.

I

Inferential

inferential.fr

43

Inferential is a French company specializing in healthcare-related data management, biostatistics, and methodological expertise. Founded in 2010, it serves over 60 clients across 12 countries with a strong portfolio of projects and deliverables. The company targets healthcare and research organizations requiring advanced statistical and data services. The website reflects a professional and consistent brand image with clear service offerings and contact information. Technically, the website is built on WordPress with modern technologies such as Tailwind CSS, Vue.js, and Axios. It is mobile optimized and uses Google Analytics for user tracking. However, some security best practices like security headers are not evident, and privacy and cookie policies are missing, which impacts compliance and trust. Security posture is generally good with HTTPS enforced and secure form handling, but the absence of WHOIS data and domain registration details raises concerns about domain legitimacy. No WAF or blocking mechanisms were detected, allowing full content access. Overall, the website is professional and functional but would benefit from improved transparency in privacy compliance and enhanced security headers. Verification of domain registration is recommended to strengthen trust.

L

Little Stories

littlestories.fr

45

Little Stories is a French creative agency focused on reimagining corporate storytelling and brand design with an emphasis on sustainability, equity, and social impact. The agency targets businesses seeking to enhance their brand image and societal contribution through innovative design and narrative techniques. The website is professionally designed, content-rich, and well-branded, reflecting a small but focused agency presence. Technically, the website is built on WordPress with modern frontend technologies such as Modernizr and lazy loading for images. It uses Google Analytics for user tracking and is served over HTTPS with good SSL configuration. However, some security best practices like security headers and privacy/cookie policies are missing or not easily discoverable, which could be improved to enhance compliance and security posture. From a security perspective, the site shows no signs of vulnerabilities or exposed sensitive data. The absence of WHOIS data limits the ability to fully verify domain legitimacy, but the professional contact information and active social media presence support the site's credibility. Overall, the site scores well on content quality and business credibility but could improve in privacy compliance and security headers. Strategic recommendations include implementing comprehensive privacy and cookie policies with consent mechanisms, adding security headers, publishing incident response and vulnerability disclosure information, and enhancing accessibility features to improve compliance and user trust.

Ma Propre Energie is an educational website offering a digital comic to help citizens understand and engage with energy issues, particularly focusing on renewable energy and local citizen projects in France. The site is associated with Énergie Partagée, a known organization promoting citizen investment in renewable energy projects. The website uses WordPress CMS hosted by OVH and integrates tracking tools like Google Analytics and Facebook SDK. While the site is well-designed and content-rich, it lacks visible privacy and cookie policies, which is a compliance concern. The use of an outdated jQuery version poses a security risk. Overall, the website is legitimate, safe, and serves a niche educational purpose but would benefit from improved privacy compliance and security hardening.

The Observatoire Europe Climat website is a non-profit transparency platform operated by Réseau Action Climat, focused on monitoring and evaluating the climate commitments of European elected officials and the French government in Europe. The site provides legislative tracking and ratings to promote accountability in climate policy. The business operates primarily in the energy and transportation sectors within the non-profit industry, targeting citizens interested in European climate governance. The domain is registered since 2019, consistent with the organization's timeline. Technically, the website is built on WordPress and leverages modern JavaScript libraries such as Vue.js and Axios, with Google Analytics and Google Tag Manager for tracking. The site is hosted by OVH and enforces HTTPS with redirects, indicating a baseline of security. Performance and mobile optimization are moderate to good, though accessibility features are basic. SEO is adequately addressed with meta tags and structured data. From a security perspective, the site enforces HTTPS but lacks important security headers like Content-Security-Policy and X-Frame-Options. No forms or input fields were detected, reducing attack surface, but no explicit security or incident response policies are published. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. No contact information or vulnerability disclosure policies are provided, limiting transparency. Overall, the website presents a moderate risk profile with good business credibility but room for improvement in security posture and privacy compliance. Strategic recommendations include implementing security headers, adding cookie consent, publishing security and incident response policies, and improving accessibility and contact transparency.

A

Autonomie Paris Saint-Jacques, Maison des Aînés et des aidants Paris Centre

centraider.fr

45

Centr'aider® is a specialized resource website dedicated to supporting caregivers (aidants) in the Île-de-France region. It provides comprehensive information on caregiver rights, available aids, activities, and professional resources. The platform is funded by the Agence Régionale de Santé Île-de-France and initiated by the association Autonomie Paris Saint-Jacques, reflecting a strong governmental and non-profit backing. The website targets caregivers, professionals working with caregivers, and organizations offering aid services, positioning itself as a trusted regional support hub. Technically, the site is built on WordPress with modern JavaScript libraries such as Vue.js and Axios, and uses FontAwesome for icons. It employs a GDPR-compliant cookie consent mechanism via the Complianz plugin and integrates Google Analytics for user behavior insights. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. From a security perspective, the website enforces HTTPS and uses cookie consent management, but lacks explicit security headers and a published security policy or incident response information. No vulnerabilities or exposed sensitive data were detected in the provided content. The WHOIS data is not publicly available, which is common for .fr domains, but the website's legitimacy is supported by its official funding and professional presentation. Overall, Centr'aider® presents a secure, professional, and privacy-conscious platform with a clear mission to support caregivers in the Île-de-France region. Strategic improvements could include enhancing security headers, publishing a security policy, and adding vulnerability disclosure information to further strengthen trust and compliance.

C

Collectif Transition Citoyenne

pactetransition-legislatives.org

46

The website pactetransition-legislatives.org is a French non-profit civic engagement platform operated by the Collectif Transition Citoyenne. It focuses on ecological and social transition issues relevant to the 2022 legislative elections in France. The platform provides detailed information on seven key transition challenges, maps interpellations of legislative candidates by citizens and associations, and encourages voter engagement. The site is well-structured, content-rich, and targets French citizens interested in environmental and social policy. Technically, it is built on WordPress, hosted by OVH sas, and uses modern web technologies including Leaflet.js for mapping and Google Analytics for tracking. Security posture is adequate with HTTPS enabled and domain registration consistent and transparent, though DNSSEC is not enabled and security headers are missing. Privacy compliance is weak due to the absence of privacy and cookie policies or consent mechanisms. No direct contact information or incident response policies are visible. Overall, the site is safe, professional, and trustworthy but would benefit from enhanced privacy compliance and security best practices.

The website abson.cz is currently inaccessible due to a 403 Forbidden error, indicating restricted access or blocking by the server. The domain is registered since 2016 with a Czech registrar (REG-WEDOS), consistent with the domain's Czech Republic location. No website content, metadata, or business information is available for analysis. The hosting provider is WEDOS, a known Czech hosting company. Due to the lack of accessible content, no privacy, cookie, or terms of service policies are found, and no contact or security information is available. This severely limits the ability to assess the company's business operations, technical infrastructure, or security posture. The site does not show any adult or unsafe content based on the minimal HTML provided.

Kotelna 55 is a collective of marketing agencies and talented individuals specializing in various areas of marketing communication, based in the Czech Republic. The website presents the business as a niche marketing agency group offering services related to marketing communications and event space rental. The company was founded in 2015, consistent with the domain registration date, and targets businesses seeking marketing solutions. The site includes social media links and an embedded Google Map showing their physical location, enhancing trust and accessibility. Technically, the website uses a combination of Bootstrap 3.3.6, jQuery 1.12.0, React (implied), Google Tag Manager, Google Analytics, and Google Maps API. The hosting provider is likely Active24, based on the registrar and nameserver information. The site has basic mobile optimization with a redirect to a mobile version for smaller screens. SEO and accessibility features are basic, with room for improvement. From a security perspective, the site uses HTTPS and asynchronous loading of tracking scripts, but lacks explicit security headers and uses an outdated jQuery version, which may pose vulnerabilities. There are no visible forms or input fields to assess secure data handling. Privacy and cookie policies are absent, indicating compliance gaps with GDPR and related regulations. No incident response or vulnerability disclosure information is provided. Overall, the website is functional and moderately professional but requires enhancements in privacy compliance, security best practices, and technical modernization to improve trustworthiness and reduce risk.

I

Internet Live Stats - Internet Usage & Social Media Statistics

internetlivestats.com

46

Internet Live Stats is a niche informational website providing real-time internet usage and social media statistics. It offers live counters, historical trends, and visualizations targeting a general audience interested in internet growth and social media metrics. The business model appears to be advertising-supported, leveraging Google Adsense and analytics services. The website is technically built on Bootstrap and jQuery, with additional scripts for live statistics and tooltips. It is mobile-optimized with a moderate performance profile. From a security perspective, the site uses HTTPS but lacks important security headers and does not provide privacy or cookie policies, which are critical for compliance and user trust. No contact or incident response information is available, limiting transparency. The absence of WHOIS data for the domain is unusual and reduces the overall trustworthiness, although the website content and technical setup appear professional and legitimate. Overall, the site is functional and provides valuable data but requires improvements in privacy compliance, security best practices, and transparency to enhance trust and reduce risk. The domain's WHOIS inconsistency warrants further monitoring to ensure legitimacy.

S

SAS WP MEDIA

secupress.me

49

SecuPress is a French company specializing in WordPress security solutions, offering a professional plugin designed to protect websites from hacking, data loss, and reputation damage. The company positions itself as a niche provider with expert support and a clear focus on WordPress site security. Their product includes scanning, anti-intrusion, data protection, and e-reputation management features, targeting WordPress site owners and administrators. Technically, the website is built on WordPress with modern integrations such as Stripe for payments and uses common libraries like jQuery. Hosting is provided by a reputable French provider, o2switch. The site demonstrates good SEO and mobile optimization, though accessibility is basic. Security posture is solid with HTTPS enabled and no exposed sensitive data, but lacks some advanced security headers and explicit security policies. The security posture is generally strong, with no visible vulnerabilities or exposed sensitive information. However, the absence of a cookie consent mechanism and detailed incident response information indicates areas for compliance improvement. The WHOIS data aligns well with the business claims, showing a consistent and legitimate registration. Overall, SecuPress presents a trustworthy and professional online presence with a solid technical foundation and business credibility. Strategic improvements in privacy compliance and security transparency would enhance their security posture and regulatory alignment.

D

DYGI - Social Media Agency, s.r.o.

dygi.cz

37

DYGI: is a small digital marketing agency based in Prague, Czech Republic, specializing in social media marketing, influencer campaigns, crisis communication, political lobbying, and training workshops. Founded in 2019, the company targets businesses seeking to enhance their social media presence and digital communication strategies. The website presents a professional image with clear branding, contact information, and social media integration, positioning DYGI as a niche player in the Czech digital marketing sector. Technically, the website uses standard web technologies including HTML5, CSS animations, and JavaScript with jQuery. Hosting appears to be provided by Active24, a regional hosting provider consistent with the company's location. The site is mobile-optimized with good navigation and SEO practices, though accessibility features are basic. Performance is moderate with no major technical issues detected. From a security perspective, the site uses HTTPS and secure form submission but lacks visible security headers and published privacy or cookie policies, indicating compliance gaps with GDPR and general data protection best practices. No incident response or security contact information is provided. The WHOIS data is transparent and consistent with the business claims, supporting legitimacy. No suspicious or malicious indicators were found. Overall, DYGI presents a credible and professional digital marketing agency website with room for improvement in privacy compliance and security hardening. Strategic enhancements in these areas would strengthen trust and regulatory adherence.

The website www.trebicnakole.cz serves as a comprehensive cycling portal for the city of Třebíč, Czech Republic. It provides valuable information for cyclists including transport safety, tourism routes, equipment advice, and local cycling services. The site is supported by regional government and partner organizations, positioning it as a trusted local resource for cycling enthusiasts and commuters. The content is well-structured, professionally designed, and targeted primarily at local cyclists and tourists interested in exploring Třebíč by bike. From a technical perspective, the site employs a traditional web stack with jQuery, Modernizr, and various UI libraries such as Fancybox and Remodal. Google Tag Manager and CookieScript are used for analytics and cookie consent management, indicating a moderate level of digital maturity. The site is mobile optimized and SEO-friendly, though some technologies like jQuery are outdated and could benefit from modernization. Security posture is moderate; HTTPS is implied but no explicit security headers were detected. The cookie consent mechanism is robust and GDPR compliant, with detailed cookie categorization and user controls. However, the absence of WHOIS data for the domain reduces trustworthiness and raises questions about domain registration legitimacy. No critical vulnerabilities or exposed sensitive data were found, but updating libraries and adding security headers would improve security. Overall, the website is a valuable community resource with good content quality and privacy compliance. The main risk lies in the lack of domain registration transparency and some technical debt. Strategic recommendations include verifying domain registration, upgrading outdated libraries, implementing security headers, and enhancing contact information availability to strengthen trust and security posture.

The website www.trebicsko-moravskavysocina.cz serves as a regional tourism portal for the Třebíčsko area in the Vysočina region of the Czech Republic. It provides comprehensive information on local attractions, events, accommodation, gastronomy, and regional products, targeting tourists and visitors interested in exploring this culturally rich and scenic area. The site is supported by regional government and tourism partners, enhancing its credibility as a destination marketing organization. Technically, the site uses a combination of older JavaScript libraries such as jQuery 1.10.2 and Swiper 2.4.1, alongside modern tracking tools like Google Analytics and Facebook Pixel. While the site is accessible and uses HTTPS with proper SSL configuration, it lacks modern security headers and uses outdated libraries, which could pose security risks. Privacy compliance is partially addressed through a cookie consent mechanism, but no explicit privacy policy or terms of service pages were found. The absence of WHOIS data for the domain raises concerns about domain legitimacy verification, although the website content and partner affiliations suggest a legitimate regional tourism entity. Overall, the site demonstrates good content quality and user experience but would benefit from enhanced security practices and clearer compliance documentation.

Y

Yann Rolland

yannrolland.com

45

Yann Rolland operates as a freelance consultant specializing in digital advice, design, and development, primarily serving clients in the energy transition, environmental, and social sectors. The website presents a professional portfolio showcasing a wide range of projects for reputable organizations, indicating a strong niche market position in France. The business model is focused on freelance digital services with a clear emphasis on sustainable and socially impactful projects. Technically, the website is built with standard web technologies including HTML5, CSS, JavaScript, and jQuery, hosted on o2switch.net. The site is mobile-optimized with moderate performance and basic accessibility features. SEO is basic but sufficient for the site's purpose. Analytics are implemented via Google Analytics, but no cookie consent mechanism or privacy policies are present, indicating room for compliance improvement. From a security perspective, the site uses HTTPS with a valid SSL certificate and has domain transfer protections enabled. However, DNSSEC is not enabled and no security headers are detected, which are recommended enhancements. No forms or sensitive data collection points are present, reducing attack surface. The absence of privacy and cookie policies and vulnerability disclosure mechanisms are notable compliance gaps. Overall, the website is professional and trustworthy with a solid business credibility score. The main risks relate to privacy compliance and security best practices. Strategic recommendations include adding privacy and cookie policies, enabling DNSSEC, implementing security headers, and establishing a vulnerability disclosure process to enhance security posture and regulatory compliance.

P

Power Yoga Akademie

poweryoga.cz

45

Power Yoga Akademie is a Czech Republic-based accredited educational center specializing in yoga instructor training and workshops. The organization holds official accreditations from the Ministry of Education, Youth and Sports (MŠMT) and Yoga Alliance, offering recognized certifications including state exams and international diplomas. Their services cater primarily to individuals seeking professional yoga qualifications and enthusiasts interested in seminars and online courses. The website presents a professional and consistent brand image with clear navigation and relevant content.

E

emocio s.r.o.

jogavirtual.cz

45

Jóga Virtual is a Czech-based online yoga platform offering a comprehensive video library with over 380 yoga videos, including courses, workshops, and DVDs. The business targets a broad audience ranging from beginners to advanced practitioners, including specialized groups such as pregnant women and seniors. The platform operates on a subscription model providing on-demand yoga content accessible anytime. Technically, the website uses common web technologies such as jQuery, Google Tag Manager, and Font Awesome, with a moderate performance profile and good mobile optimization. Security posture is solid with HTTPS enforced and cookie consent mechanisms implemented, though some security headers are missing. The absence of WHOIS data reduces domain trustworthiness, but the website content and business presence appear professional and legitimate.

V

Václav Krejčík

vaclavkrejcik.cz

46

Václav Krejčík is a small-scale personal brand focused on yoga, breathwork, and holistic wellness services primarily targeting Czech-speaking audiences. The website offers a variety of services including in-person and online yoga classes, retreats, podcasts, and educational content such as books. The business model revolves around direct service provision and content monetization through courses and product sales. The site is well-branded and professionally presented with consistent messaging and clear navigation. Technically, the website employs a moderately modern tech stack including jQuery, Bootstrap, Font Awesome, and Google Analytics, with a CMS likely Joomla. The site is mobile-optimized and uses HTTPS with cookie consent mechanisms aligned with GDPR requirements. However, some technical improvements are possible, such as updating JavaScript libraries and adding advanced security headers. From a security perspective, the site demonstrates good baseline practices including HTTPS and cookie consent but lacks published security policies or incident response information. The absence of WHOIS data for the domain is a notable concern that impacts domain trustworthiness. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website is a credible and professional platform for yoga and wellness services with good privacy compliance and user experience. The main risk lies in the lack of domain registration transparency and minor technical security enhancements. Strategic recommendations include verifying domain registration, enhancing security headers, and publishing security policies to improve trust and compliance.

Y

Yoga Market

jogamarket.cz

48

Yoga Market is a specialized e-commerce retailer based in the Czech Republic, offering a wide range of yoga and wellness products including mats, clothing, books, meditation accessories, and health supplements. The website targets yoga practitioners and wellness enthusiasts, positioning itself as a niche player in the retail sector with a focus on quality and customer trust. The site is professionally designed with good content relevance and clear navigation, supporting a positive user experience. Technically, the website employs modern web technologies such as Bootstrap, jQuery, Google Tag Manager, and Facebook Pixel, ensuring a responsive and interactive user interface. The site is served over HTTPS with cookie consent mechanisms in place, reflecting a good level of digital maturity and privacy compliance. However, some security headers are missing, and there is no visible security.txt or incident response information, indicating room for improvement in security transparency. From a security perspective, the site demonstrates solid practices including secure login forms and GDPR-compliant cookie management. No vulnerabilities or exposed sensitive data were detected in the analysis. The absence of WHOIS data limits the ability to fully verify domain legitimacy, but the professional presentation and clear contact details support a trustworthy business profile. Overall, Yoga Market presents a secure, privacy-conscious, and user-friendly online retail platform with a strong focus on yoga and wellness products. Strategic enhancements in security policy publication and domain transparency could further strengthen its trustworthiness and compliance posture.

V

Václav Krejčík

energyclinic.cz

46

The website www.vaclavkrejcik.cz represents the personal brand of Václav Krejčík, a yoga instructor and wellness expert based in the Czech Republic. The site offers a variety of yoga-related services including in-person and online classes, retreats, workshops, books, and podcasts. The content is well-structured and professionally presented, targeting yoga practitioners and wellness seekers. The business model is service and content-driven, focusing on holistic health and breathing techniques. The site integrates modern web technologies such as jQuery, Bootstrap, Google Analytics, and Tag Manager, and includes a cookie consent mechanism compliant with GDPR. Security posture is good with HTTPS enforced and no visible vulnerabilities, though security headers and incident response information are absent. WHOIS data is unavailable due to privacy protection, which is typical for personal brand websites. Overall, the site is trustworthy, professionally maintained, and compliant with privacy regulations.

E

Energy Studio

energystudio.cz

45

Energy Studio is a well-established yoga studio based in Prague, offering a broad spectrum of yoga classes for beginners to advanced practitioners, including online Zoom sessions and a dedicated e-shop for yoga-related products. The website reflects a professional and user-friendly platform with clear navigation, comprehensive content, and active social media engagement. The business targets yoga enthusiasts in Prague and beyond, emphasizing wellness, relaxation, and physical fitness. Technically, the site employs modern web technologies such as Bootstrap, jQuery, and integrates Google Tag Manager and Facebook Pixel for analytics and marketing. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, although some security headers could be improved. The absence of public WHOIS data suggests privacy protection, which is reasonable for this business type. Overall, the site demonstrates good digital maturity and business credibility.

C

Chvalský zámek

chvalskyzamek.cz

47

Chvalský zámek is a cultural and hospitality venue located near Prague, offering event space rentals, including weddings and exhibitions. The website presents a professional and well-structured digital presence built on WordPress with Elementor, featuring good mobile optimization and clear navigation. The site includes GDPR-compliant privacy and cookie policies with an active consent mechanism, reflecting attention to privacy compliance. Security posture is adequate with HTTPS enabled, though security headers are not visibly implemented, suggesting room for improvement. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website supports a small hospitality business with a focus on cultural events and venue rentals, maintaining a trustworthy and user-friendly online presence.

H

Hotel Mazanka

hotel-mazanka.cz

44

Hotel Mazanka is a hospitality business operating a hotel near the center of Prague, offering accommodation and conference facilities. The hotel has historical significance as it was originally built in 1968 for foreign scientists and guests of the Czech Academy of Sciences. The website reflects a small-sized, niche hospitality provider with a clear focus on comfort and accessibility. The business is affiliated with the Academy of Sciences of the Czech Republic, enhancing its credibility and trustworthiness. Technically, the website is built on OpenCms and uses a combination of legacy and modern web technologies including jQuery 1.11.0, Slick Carousel, and Google Analytics. The site is mobile optimized with good navigation and content quality, though some technical improvements could be made such as updating JavaScript libraries and enhancing accessibility features. The website is fully accessible with no blocking or WAF challenges detected. From a security perspective, the site uses HTTPS and does not expose sensitive data. However, it lacks visible security headers and a cookie consent mechanism, which are important for GDPR compliance and overall security posture. The WHOIS data is unavailable or privacy protected, which is common but limits domain registration transparency. The contact information is clear and professional, supporting business credibility. Overall, the website presents a trustworthy and professional hospitality business with moderate technical maturity and some room for security and privacy improvements. Strategic recommendations include implementing security headers, adding cookie consent, updating libraries, and publishing explicit security policies to enhance trust and compliance.

E

enabl

enabl.fr

44

enabl is a French-based No Code and AI agency located in Nantes, targeting small and medium enterprises (TPE and PME). Founded in 2020, it operates as a hub and agency under the parent company Digital Korner. The company focuses on accelerating digital project delivery by leveraging No Code technologies and AI, offering services such as audit and consulting, production and deployment, and training and support. Their market position emphasizes rapid, cost-effective digital transformation solutions for SMEs. Technically, the website is built using modern front-end technologies including HTML5, CSS3, JavaScript, jQuery, Typed.js, and AOS for animations. It is hosted by Infomaniak Network SA and uses the Dorik CMS platform. The site is mobile-optimized with good SEO practices and moderate performance. Analytics are implemented via Google Tag Manager and Google Analytics, indicating moderate user tracking. From a security perspective, the site enforces HTTPS with excellent SSL configuration and employs basic anti-spam measures in its contact form. However, it lacks security headers and published security or incident response policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Contact information is limited to a web form, with no direct emails or phone numbers provided. Overall, the website is professional and trustworthy with good content quality and technical implementation. The main risks relate to privacy compliance gaps and missing security best practices. Strategic improvements in these areas would enhance the site's security posture and regulatory compliance.

D

Digital Korner

wpconnect.co

48

WP connect is a specialized technology company offering no-code WordPress API integration plugins and add-ons that connect WordPress with popular business tools such as Airtable, Notion, Brevo, Odoo, and SendGrid. Their market position is focused on simplifying automation and data synchronization for WordPress users, particularly targeting small to medium businesses and no-code developers. The company emphasizes security, reliability, and ease of use, providing regular updates and responsive support. Technically, the website is built on WordPress 6.8.3 with modern JavaScript libraries and integrations such as Google Tag Manager, Stripe, and Weglot for multilingual support. Security posture is strong with HTTPS enforced, use of reCAPTCHA, and cookie consent mechanisms, though some security headers could be improved. Overall, the site is professional, well-structured, and trustworthy, with no critical vulnerabilities detected.

C

Comin.cz, s.r.o.

growito.cz

45

GROWITO is a Czech-based digital platform specializing in lead management and online marketing with artificial intelligence support. The platform aims to maximize business opportunities by converting potential leads into paying customers through a synergistic approach combining marketing and sales activities. The website targets a broad audience including medium to large companies, small businesses, automotive sector, and marketing agencies. Technically, the site uses modern web technologies such as Bootstrap, jQuery, Google reCAPTCHA, and Google Tag Manager, indicating a mature digital infrastructure. Security-wise, the site enforces HTTPS and uses bot protection mechanisms but lacks visible advanced security headers and published security policies. Privacy compliance is partially addressed via a cookie consent mechanism, but no explicit privacy policy or terms of service were found. Overall, the website presents a professional and trustworthy front with room for improvement in privacy and security transparency.

F

Fakir

fakirpresse.info

40

Fakir is a French independent media outlet focused on investigative journalism and social-political themes. The website offers journal articles, subscriptions, and an e-commerce platform selling related products such as DVDs and books. The site targets French-speaking readers interested in critical social commentary and political analysis. Technically, the website is built on WordPress using Elementor and WooCommerce, with good SEO and mobile optimization. Security posture is solid with HTTPS and cookie consent mechanisms, though security headers and explicit incident response policies are absent. WHOIS data is privacy protected but consistent with a legitimate media entity. Overall, the site presents a professional and trustworthy digital presence with room for security enhancements.

L

La Vie des idées

laviedesidees.fr

43

La Vie des idées is a well-established French intellectual magazine founded in 2007, focusing on analysis and information about debates of ideas across politics, society, philosophy, arts, and sciences. It targets academics, researchers, and culturally engaged readers, offering essays, recensions, interviews, and dossiers. The website is built on the SPIP CMS platform and employs modern web technologies including jQuery, Google Analytics, and a GDPR-compliant cookie consent manager. It maintains a consistent brand identity and strong social media presence across multiple platforms. Security posture is good with HTTPS enforced and cookie consent mechanisms in place, though it lacks explicit security policies and vulnerability disclosures. The domain registration data is consistent and supports the site's legitimacy. Overall, the website provides a professional and trustworthy platform for intellectual content.

A

Atypie-Friendly

atypie-friendly.fr

46

Atypie-Friendly is a French national program dedicated to making higher education inclusive for individuals with neurodevelopmental disorders such as autism, ADHD, and dyslexia. It is coordinated by the University of Toulouse and supported by a network of over 40 higher education institutions. The program offers a variety of services including workshops, online hotlines, webinars, training for staff, and resources to support both students and educational institutions. The website is professionally designed, well-structured, and uses modern web technologies including WordPress and Elementor. It employs privacy-respecting analytics via Matomo and is hosted by OVH, a reputable provider. Security posture is good with HTTPS enforced, though some security headers and incident response information are missing. Privacy compliance is mostly adequate but lacks a cookie consent mechanism. Overall, the site is trustworthy, authoritative, and serves an important educational and social inclusion mission.

V

Varhan

varhan.cz

43

Varhan.cz is a small-scale artist portfolio website dedicated to Varhan O. Bauer, a composer and conductor based in the Czech Republic. The site showcases his concerts, projects including movies, advertisements, and compositions, as well as information about the orchestra he is associated with. The business model is focused on artist promotion and audience engagement within a niche cultural segment. The website is built on WordPress, leveraging common plugins such as WPML for multilingual support and MetaSlider for image slideshows. The technical infrastructure is moderate with standard performance and basic mobile optimization. Security posture is adequate with HTTPS enabled and CAPTCHA protection on forms, but lacks advanced security headers and complete analytics configuration. Privacy and cookie policies are absent, indicating compliance gaps. Overall, the site is safe for general audiences and presents a professional but modest online presence.

R

ReklamniPlachty.cz s.r.o.

reklamniplachty.cz

46

ReklamniPlachty.cz s.r.o. is a Czech-based company specializing in the production and installation of advertising tarpaulins and banners, serving customers in the Czech Republic and Slovakia. With over 15 years of experience, the company offers a strong value proposition combining quality and competitive pricing. Their services include graphic design, printing, and installation, supported by an e-commerce platform with customer accounts for order tracking and management. The website is professionally designed, mobile-optimized, and includes essential business contact information and social media presence. Technically, the site uses modern JavaScript libraries such as jQuery and Swiper.js, integrates Google Analytics and Facebook Pixel for marketing and analytics, and employs a cookie consent mechanism to comply with privacy regulations. Security posture is adequate with HTTPS enforced, but lacks some security headers and explicit security policies. WHOIS data is unavailable, which slightly reduces transparency and trust. Overall, the website is functional, professional, and trustworthy for its business domain.

U

Ubytování U Foltýnů

ufoltynu.cz

42

Ubytování U Foltýnů is a small hospitality business specializing in group accommodation across various scenic regions of the Czech Republic, including Šumava, Jizerské hory, Český les, and Hracholusky. The company targets groups such as sports teams, families, school classes, and friends, offering facilities tailored for group stays with capacities up to 26 persons. Their business model focuses on providing comfortable lodging with professional kitchens and recreational amenities, emphasizing a family-friendly and sport-oriented environment. The website content is well-structured, professionally designed, and optimized for SEO, reflecting a mature digital presence for a small regional business.

A

Atalian Česká republika

atalian.cz

48

Atalian Česká republika is a leading facility management company in the Czech Republic, offering a broad range of services including building operation, maintenance, and cleaning. The company positions itself as a market leader with over 70 years of experience, targeting both public and private sector clients. The website reflects a professional and consistent brand image with good SEO and social media integration. Technically, the site is built on WordPress with modern plugins and frameworks, hosted likely by Active24, and includes privacy-conscious analytics via Matomo. Security posture is solid with HTTPS and cookie consent mechanisms, though explicit privacy and security policies are not found in the provided content. Overall, the site is trustworthy and well-maintained, suitable for its business purpose.

E

EVENT MEDIA s.r.o.

eventreg.cz

40

EVENT MEDIA s.r.o. operates eventreg.cz, a Czech Republic-based online registration platform specializing in sports event registrations such as runs and marathons. The website serves participants and organizers by providing login and registration functionalities for multiple branded sports events. The company is small-sized, founded in 2017, and maintains a consistent brand presence with clear company information displayed on the site. Technically, the website uses modern frontend technologies including Bootstrap, jQuery, and Chart.js, hosted on VAS Hosting infrastructure. The site is mobile optimized and performs moderately well, though accessibility and SEO optimizations are basic. Security posture is adequate with HTTPS enforced and secure login forms, but lacks security headers and explicit privacy or cookie policies. Tracking and marketing scripts are present without visible consent mechanisms, indicating privacy compliance gaps. WHOIS data is consistent with the business claims, supporting legitimacy. Overall, the site is professional and trustworthy but could improve in privacy and security transparency.

Cyklomaraton is a well-established Czech event organizer specializing in cycling marathons, primarily operating in Hradec Králové. The website provides comprehensive event information, registration links, results, galleries, and news updates, supported by a network of reputable partners and sponsors including Decathlon, NN, and Škoda. The business targets cycling enthusiasts and amateur athletes, leveraging partnerships and media presence to maintain a strong regional market position. Technically, the website employs modern web technologies such as jQuery and Revolution Slider, with good mobile optimization and SEO practices. Security posture is adequate with HTTPS and cookie consent mechanisms, though security headers and explicit incident response policies are absent. Overall, the site is professional, trustworthy, and compliant with GDPR requirements, though improvements in security policies and technical hardening are recommended.

R

RaulWalter s. r. o.

irontime.cz

47

IronTime, operated by RaulWalter s. r. o., is a Czech-based company specializing in chip timing services for sports events such as triathlons, duathlons, running, and cycling races. The company provides comprehensive race timing solutions including online registration, chip-based time measurement, result processing, and publication, as well as payment integration and participant notifications via SMS and email. Their niche focus positions them as a specialized service provider within the sports event management sector. The website is professionally designed with clear navigation and consistent branding, targeting race organizers and sports event coordinators primarily in the Czech Republic. From a technical perspective, the website uses a modern tech stack including Bootstrap, jQuery, and Font Awesome, hosted likely via Czech hosting providers. The site is mobile optimized and performs moderately well, though accessibility and SEO optimizations are basic. No CMS is detected, indicating a custom or static site approach. Security-wise, the site uses HTTPS but lacks visible security headers and cookie consent mechanisms, which are important for GDPR compliance and overall security posture. No analytics or tracking scripts were detected in the provided HTML, suggesting minimal user tracking. The security posture is moderate with no critical vulnerabilities detected in the visible content. However, improvements are recommended in implementing security headers, cookie consent, and explicit GDPR compliance in privacy policies. The WHOIS data is consistent with the business information, showing a domain age of over a decade and no privacy protection, which supports legitimacy and transparency. Overall, IronTime presents a trustworthy and professional online presence with room for improvement in privacy compliance and security best practices. Strategic enhancements in these areas will strengthen their risk posture and customer trust.

M

Městská část Praha 15

praha15.cz

44

Městská část Praha 15 operates as the official municipal government authority for the Praha 15 district in the Czech Republic. The website serves as a comprehensive portal for residents and visitors, offering information on public administration, social services, cultural events, and community engagement. It targets local citizens and stakeholders, providing essential government services and communication channels. The business model is typical of a public sector entity focused on local governance and citizen services. Technically, the website is built on the vismo CMS platform, utilizing standard web technologies such as HTML5, CSS3, and JavaScript. It integrates Google services like reCAPTCHA for form security and Google Translate for multilingual support. The site demonstrates good mobile optimization, accessibility, and SEO practices, although performance is moderate. The absence of advanced security headers and a dedicated security policy indicates room for improvement in security maturity. From a security perspective, the site enforces HTTPS and uses reCAPTCHA to protect forms, reducing risk of automated abuse. No critical vulnerabilities or exposed sensitive data were detected. However, the lack of published security policies, incident response contacts, and vulnerability disclosure mechanisms suggests limited formal security governance. The missing WHOIS data for the domain is a concern for domain legitimacy verification but does not detract from the website's apparent authenticity as a government portal. Overall, the website presents a trustworthy and professional digital presence for the municipal district, with good content quality and user experience. Strategic enhancements in security policy transparency, domain registration clarity, and security header implementation would strengthen its security posture and trustworthiness.

Časopisy pro volný čas s.r.o. is a Czech publishing company specializing in magazines focused on leisure activities, health, and home living. Their website offers information about their magazine titles such as Chatař & Chalupář, Zdraví, and Domov, targeting Czech-speaking audiences interested in lifestyle and leisure content. The business operates a subscription e-shop and provides contact information primarily via email. The company has been established since 2001, indicating a stable market presence in the media sector. Technically, the website is built on WordPress with Elementor and uses common web technologies such as jQuery and FontAwesome. The site is hosted likely by WEDOS, the registrar, and uses HTTPS with a good SSL configuration. The site is moderately optimized for performance and mobile devices, though accessibility and SEO optimizations are basic. No advanced analytics or tracking tools are detected, indicating a privacy-conscious approach. From a security perspective, the site uses HTTPS but lacks important security headers and cookie consent mechanisms, which are recommended for GDPR compliance and enhanced security posture. No vulnerabilities or exposed sensitive data were found in the HTML content. The WHOIS data is consistent with the business claims, showing a domain age appropriate for the company's history and no privacy protection, which supports legitimacy. Overall, the website is professional, trustworthy, and safe for general audiences. Strategic improvements include implementing cookie consent, adding security headers, publishing a security policy, and enhancing accessibility and SEO features to improve compliance and user experience.

О

ООО «Центр Болотова»

balzambolotova.com

49

The website balzambolotova.com serves as the official e-commerce platform for the sale and promotion of the Bolotov Balm, a health supplement aimed at rejuvenation, fat burning, and improving various health conditions such as diabetes and hypertension. The company behind the product, ООО «Центр Болотова», operates primarily in Ukraine and targets consumers interested in natural health remedies. The site features multiple language versions, customer testimonials, certifications, and detailed product information, positioning itself as a trusted source for this niche product. Technically, the website is built on the Bitrix CMS platform, utilizing common web technologies such as jQuery, Bootstrap, and various marketing and analytics tools including Google Tag Manager and Facebook Pixel. Hosting is provided by Hosting Ukraine LLC. The site demonstrates moderate performance and good mobile optimization but lacks some advanced accessibility features. From a security perspective, the site employs HTTPS and secure form submissions but lacks DNSSEC and advanced security headers like Content Security Policy or X-Frame-Options. There is no visible cookie consent mechanism despite the use of tracking scripts, indicating partial privacy compliance. No explicit security or incident response policies are published, which could be improved to enhance trust and compliance. Overall, the website is professionally designed with consistent branding and good content quality. The business credibility is supported by certifications and clear contact information. However, improvements in privacy compliance and security hardening are recommended to elevate the site's trustworthiness and regulatory adherence.

Č

Časopisy pro volný čas, s.r.o.

objednatsipredplatne.cz

48

The website www.send.cz is an e-commerce platform specializing in magazine subscriptions primarily for the Czech market. It represents the publisher Časopisy pro volný čas, s.r.o. and offers a wide catalog of magazines across various themes, including options for gift certificates and bonuses. The platform targets readers interested in periodicals and provides a user-friendly interface with clear navigation and mobile optimization. The business model revolves around direct subscription sales and online management of subscriptions, positioning itself as a key player in the Czech magazine subscription market. Technically, the site employs modern web technologies such as Bootstrap 4, jQuery, FontAwesome Pro, and Google Fonts, ensuring a responsive and visually consistent user experience. It integrates Google Tag Manager and Hotjar for analytics and user behavior tracking. The site is served over HTTPS with a good SSL configuration, although some advanced security headers are missing. Performance is moderate, with deferred image loading and carousel normalization enhancing user experience. From a security perspective, the site enforces HTTPS and uses secure login modals. It includes a cookie consent banner compliant with GDPR requirements. However, the absence of WHOIS data for the domain raises concerns about domain registration transparency and trustworthiness. No explicit security policies, incident response contacts, or vulnerability disclosure mechanisms are present, indicating room for improvement in security governance. Overall, the website is professional, trustworthy, and well-structured for its business purpose. The main risk lies in the lack of domain registration data and limited security policy disclosures. Strategic recommendations include enhancing security headers, publishing detailed privacy and security policies, and improving domain registration transparency to bolster trust and compliance.

U

Utsukusy cosmetics

utsukusycosmetics.es

37

Utsukusy cosmetics is a professional cosmetics company established since 1972, specializing in skincare products and treatments for aesthetic and medical aesthetic centers, as well as spas. The website presents a comprehensive catalog of products and treatments, targeting professional and consumer markets in Spain. The digital infrastructure is built on WordPress with WooCommerce and Elementor, reflecting a modern and maintainable platform. Security posture is adequate with HTTPS and cookie consent mechanisms, though additional security headers and policies could enhance protection. The absence of WHOIS data is due to registry restrictions common in .es domains, but the website content and business information support legitimacy. Overall, the site is professional, well-branded, and compliant with privacy regulations.

The website programprazskychkin.cz serves as an informational portal providing cinema program listings primarily for Prague and other locations in the Czech Republic. It aggregates schedules and links to multiple cinema websites, offering users a centralized resource for movie showtimes and related contests. The site targets general audiences interested in cinema and cultural events. Technically, the site uses basic HTML, CSS, and JavaScript with jQuery 1.10.2, alongside Google Analytics and Google Tag Manager for tracking. The design and user experience are functional but basic, with limited mobile optimization and accessibility features. Security posture is moderate to low, with no visible HTTPS enforcement in metadata, outdated JavaScript libraries, and lack of security headers. Privacy compliance is poor, with no visible privacy or cookie policies or consent mechanisms. Contact information is provided in the form of multiple cinema addresses and phone numbers, but no company emails or social media links are present. Overall, the site is a small-scale media information portal with moderate trustworthiness but requires improvements in security and privacy compliance.

EZOfit s.r.o. operates the website zdravetrhy.sk, which promotes and organizes the 'Zdravé Vianočné Trhy' health and wellness exhibition held in Košice, Slovakia. The business focuses on providing a platform for exhibitors offering ECO, BIO, RAW products, personal and spiritual development, and health analyses. The website targets a general audience interested in health, wellness, and related lifestyle products. Technically, the site is built on WordPress with Yoast SEO and Google Analytics integrated, showing a moderate level of digital maturity with good mobile optimization and accessibility. Security posture is adequate with HTTPS and cookie consent mechanisms, though lacking advanced security headers and explicit incident response policies. Privacy compliance is well addressed with GDPR-aligned policies and consent management. Overall, the site is professional and trustworthy but could improve security and transparency aspects.

E

EZOfit s.r.o.

vitalfest.sk

46

VITALfest is a Slovakian health and wellness festival organized by EZOfit s.r.o., founded in 2023. The website serves as an informational and promotional platform for the festival, offering details about exhibitors, programs, ticketing, and event dates. The business targets general audiences interested in health, wellness, and natural products, positioning itself as a regional event organizer with a focus on experiential and educational offerings. Technically, the site is built on WordPress with common plugins like Yoast SEO and Google Site Kit, integrating Google Analytics and Tag Manager with GDPR-compliant consent mechanisms. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security posture is adequate with HTTPS enforced and cookie consent implemented, but lacks advanced security headers and published security policies. No critical vulnerabilities or suspicious indicators were found. Overall, the site is professional, trustworthy, and compliant with privacy regulations.

E

Estetica India

estetica-india.com

39

Estetica India is a specialized online hair magazine serving the Indian beauty and hairdressing industry with rich content including articles, news, videos, and digital magazine editions. The website targets hair professionals, salon owners, distributors, and beauty enthusiasts, positioning itself as a leading media outlet in this niche. Technically, the site is built on WordPress with Elementor, leveraging modern web technologies and plugins for enhanced user engagement such as WhatsApp chat and push notifications. Security posture is moderate with HTTPS enabled and domain transfer protection, but lacks advanced security headers and DNSSEC. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the site is professional and trustworthy but would benefit from improved security and compliance measures.

C

Czech Association for Branded Products, z.s.

cszv.cz

42

The Czech Association for Branded Products (ČSZV) is a well-established non-profit organization founded in 1993 and registered in Prague, Czech Republic. It represents manufacturers of branded products, advocating for their common interests in production, marketing, distribution, and sales. The association includes major multinational companies as members and maintains affiliations with several international industry bodies. The website reflects a professional and consistent brand image, targeting industry stakeholders and manufacturers within the Czech market. Technically, the website employs modern web technologies including jQuery, Google Analytics, and Foundation framework, with a cookie consent mechanism implemented via Orejime. The site is mobile-optimized and demonstrates good SEO and accessibility features, although some accessibility aspects could be improved. Performance is moderate, with no critical technical issues detected. From a security perspective, the site uses HTTPS and has implemented cookie consent for GDPR compliance. However, no explicit privacy policy or terms of service documents were found on the analyzed page, and no security headers were detected in the HTML content. There is no visible incident response or security policy information. The presence of mature content sectors such as tobacco and alcohol among members requires appropriate content classification and user awareness. Overall, the website is trustworthy and credible, with a strong business presence and consistent branding. Strategic recommendations include publishing comprehensive privacy and security policies, enhancing security headers, and improving incident response transparency to strengthen compliance and security posture.

M

Michal Strouhal

licker.cz

40

Licker.cz is a small Czech graphic design studio operated by Michal Strouhal, offering a range of creative services including graphic design, web design, printing materials, and domain registration with hosting. The company emphasizes personalized and detail-oriented design work, targeting clients primarily in the Hradec Králové region. The website is professionally designed with a clear structure and good content quality, supporting the business's local presence and service offerings. Technically, the website uses standard web technologies such as Bootstrap, jQuery, and Google Fonts, providing a responsive and user-friendly experience. However, there is no evidence of advanced CMS or analytics tools, and performance is moderate. Accessibility is basic but functional, and SEO practices appear adequate based on meta tags and content structure. From a security perspective, the site lacks visible HTTPS confirmation and security headers, and no privacy or cookie policies are present, indicating compliance gaps with GDPR and modern privacy standards. The WHOIS data is unavailable, which reduces domain trustworthiness and complicates legitimacy verification. No forms or tracking scripts were detected, minimizing data collection risks but also limiting user engagement features. Overall, the website presents a legitimate small business with good content and design quality but requires improvements in security posture, privacy compliance, and domain registration transparency to enhance trust and regulatory adherence.

The website www.petrmalec.cz represents an SEO consulting service currently under maintenance, as indicated by the placeholder page stating a relaunch date of September 10, 2025. The business appears to be a small-scale SEO consultancy targeting a general audience in the Czech Republic. The site uses WordPress CMS with jQuery and Open Sans font, reflecting a basic but modern technical infrastructure. However, the site content is minimal, lacking detailed business information, contact details, or policies. Security posture is moderate with HTTPS enabled but missing critical security headers and privacy compliance elements. The absence of WHOIS data significantly impacts trust and legitimacy assessment. Overall, the site requires improvements in transparency, security, and content richness to enhance credibility and user trust.

G

Grassrootz

grassrootz.com

49

Grassrootz is a small Australian-based company providing a SaaS platform focused on event fundraising and community engagement for non-profit organizations and event organizers. Their website is professionally designed using Squarespace, featuring clear navigation, social media integration, and modern web technologies such as Google Tag Manager and reCAPTCHA. The platform offers services including event ticketing, registrations, and integrations to support fundraising efforts. Technically, the site is well-implemented with HTTPS and HSTS enabled, indicating a strong security posture. However, the absence of WHOIS data and lack of explicit privacy and terms of service policies represent gaps in transparency and compliance. No direct contact information or security incident response details are provided, which could impact trust and user confidence.

A

American Society of Transplantation

myast.org

30

The American Society of Transplantation (AST) operates a professional membership website dedicated to advancing transplantation science, education, and patient care. The site serves a global audience of transplant professionals, including physicians, pharmacists, researchers, and patients. AST offers a comprehensive range of services including educational events, communities of practice, research grants, advocacy, and patient resources. The organization is well-established with a domain age of over 11 years and a consistent brand presence across multiple digital channels. Technically, the website is built on a modern stack with Craft CMS, uses Foundation CSS framework, and integrates multiple third-party services such as Google Tag Manager, Facebook Pixel, and Adzerk for advertising. The site is mobile optimized, accessible, and SEO friendly, providing a professional user experience. However, there is room for improvement in security headers and cookie consent mechanisms. From a security perspective, the site uses HTTPS with a good SSL configuration and does not expose sensitive data. The lack of DNSSEC and security headers are notable gaps. No explicit security policies or incident response information is publicly available, which could be enhanced to improve trust and compliance. Privacy compliance is adequate with a clear privacy policy, but cookie consent is missing despite tracking technologies. Overall, the website is trustworthy, professional, and well-maintained with a strong focus on its healthcare and non-profit mission. Strategic recommendations include enhancing security headers, implementing cookie consent, publishing security policies, and enabling DNSSEC to strengthen the security posture and privacy compliance.