High-risk security reports

D

Den dárců | Slavíme Den dárců - oslavte ho s námi!

dendarcu.cz

46

The website www.dendarcu.cz serves as an informational and promotional platform for Den dárců (Donor Day), a non-profit initiative aimed at celebrating and promoting philanthropy in the Czech Republic. The site is associated with Fórum dárců and Nadace rozvoje občanské společnosti (NROS), indicating a focus on charitable giving awareness. The content is primarily in Czech and targets the general public interested in philanthropy and donor recognition. The site provides news updates, podcasts, and event information related to charitable activities. From a technical perspective, the website employs common web technologies such as jQuery, Google Fonts, and ShareThis for social sharing. It includes a cookie consent mechanism compliant with GDPR principles, though no explicit privacy policy or terms of service pages were found. The site appears moderately optimized for mobile devices and SEO, with a clear navigation structure and relevant meta tags. However, visible PHP warnings in the footer suggest server-side configuration issues that could impact user trust and security. Security posture is moderate but could be improved. There is no evidence of HTTPS enforcement or security headers in the provided data, and the presence of PHP errors indicates potential information leakage. The WHOIS lookup failed to retrieve domain registration details, which reduces trustworthiness but does not necessarily indicate malicious intent given the site's non-profit nature. No contact emails, phone numbers, or social media links were found, limiting direct communication channels. Overall, the website is functional and serves its informational purpose but requires improvements in security hardening, privacy transparency, and server configuration to enhance trust and compliance. Addressing these issues will strengthen its credibility and user confidence.

Q

QI GROUP a. s.

qiakademie.cz

44

QI Akademie is a Czech-based educational and support platform operated by QI GROUP a. s., targeting users and implementation partners of the QI information system. The website offers training, webinars, support materials, and partner resources to facilitate effective use and implementation of the QI system. It positions itself as a key knowledge hub within its market segment in the Czech Republic. Technically, the website is built on WordPress 5.4 with Bootstrap 3.3.6 and jQuery 1.12.4, leveraging common web technologies and third-party services such as Microsoft Clarity and Google Analytics (though the latter is not fully configured). The site is mobile-optimized and uses HTTPS, but lacks some advanced security headers and privacy compliance features. From a security perspective, the site enforces HTTPS and uses secure login forms but does not explicitly implement or advertise security policies, privacy policies, or cookie consent mechanisms. The absence of WHOIS data limits domain trust assessment, though the website content and contact information suggest a legitimate business presence. No critical vulnerabilities or adult content were detected. Overall, the site demonstrates a moderate to good level of technical and business maturity but requires improvements in privacy compliance, security headers, and WHOIS transparency to enhance trust and regulatory adherence.

P

PC HELP, a.s.

qi-partner.cz

47

PC HELP, a.s. operates the website www.qi-partner.cz offering the QI ERP system, a modular business software solution tailored for companies of various sizes, primarily targeting the Czech market. The company provides a comprehensive suite of modules including firm management, project management, CRM, finance, production, services, and bond management. The website is professionally designed with clear navigation and mobile optimization, reflecting a mature digital presence. Technically, the site uses xartCMS and integrates common analytics and marketing tools such as Google Tag Manager and Seznam tracking. Security posture is solid with HTTPS enforced and cookie consent mechanisms implemented, though some security headers are missing and no explicit security policies are published. WHOIS data is unavailable, likely due to privacy protection, but the site’s content and contact information support legitimacy. Overall, the site scores well on content quality, privacy compliance, and business credibility, with room for improvement in security best practices and transparency.

P

PC HELP, a.s.

helios-servis.cz

46

PC HELP, a.s. operates the website www.helios-servis.cz, providing specialized ERP software solutions centered around the Helios Inuvio system for small and medium enterprises in the Czech Republic. The company offers a range of services including ERP implementation, supplementary plugins, training, and customer support, positioning itself as a trusted partner in the ERP software market. The website content is professionally presented, targeting business customers seeking tailored enterprise software solutions. Technically, the site is built on the xartCMS platform, utilizing modern JavaScript libraries and Google Tag Manager for analytics and marketing. The site is mobile optimized and includes a comprehensive cookie consent mechanism, reflecting good privacy compliance. Security-wise, the site enforces HTTPS and employs email obfuscation to reduce spam, but lacks visible security headers which could enhance protection. The absence of WHOIS data for the domain reduces trust in domain registration transparency, though the website content and contact information appear legitimate and consistent with a professional business. Overall, the site demonstrates a solid digital presence with room for improvement in security best practices and domain registration transparency.

Q

QI GROUP a.s.

qi.cz

45

QI GROUP a.s. operates the website www.qi.cz, offering a comprehensive ERP and business information system tailored for various industries including manufacturing, retail, and technology sectors. The company positions itself as an established ERP provider with over 1,500 implementations, providing modular solutions such as CRM, DMS, BI, HRM, and mobile applications. The website is professionally designed, well-structured, and targets business clients seeking integrated enterprise solutions. Technically, the site is built on WordPress with modern frameworks like Bootstrap and includes analytics and marketing tools such as Google Analytics, Microsoft Clarity, and Google Tag Manager. Security measures include HTTPS enforcement and GDPR-compliant cookie consent mechanisms, though there is room for improvement in security headers and incident response transparency. The absence of WHOIS data reduces domain trust slightly, but the overall business credibility and content quality remain high. Strategic recommendations include enhancing security headers, publishing a security policy, and verifying domain registration details to improve trust.

T

turistika.cz s.r.o.

livetouring.com

46

Livetouring.com is a niche content platform specializing in video routes for walking, cycling, and other outdoor activities, primarily targeting travelers and outdoor enthusiasts. The website offers a rich catalog of 190 routes with interactive maps and video content, supporting multiple languages to cater to an international audience. The business operates under turistika.cz s.r.o., a Czech company founded in 2014, positioning itself as a specialized provider in the travel and transportation sector. Technically, the website leverages Google Maps API for geospatial content, uses Revive Adserver for advertising, and implements a third-party cookie consent mechanism. The site is custom-built with moderate performance and basic mobile optimization. SEO and content quality are good, but there is room for improvement in accessibility and advanced technical frameworks. From a security perspective, the site uses HTTPS but lacks important security headers and DNSSEC. The Google Maps API key is exposed in the HTML, which could pose a risk if not properly restricted. No formal security or incident response policies are published, indicating a low maturity in security governance. Cookie consent is implemented, but GDPR compliance is only basic. Overall, the website is functional and credible with a moderate security posture. Strategic improvements in security headers, API key management, and formal security policies would enhance trust and compliance. The business model is clear and well-executed, but technical modernization and stronger privacy practices are recommended.

M

Media Force, Ltd.

mfadsrvr.com

48

The website hellogenie.com represents Media Force, Ltd., a small technology company specializing in algorithmic advertising powered by machine learning and data analytics. The site is minimalistic, serving primarily as an informational landing page with a focus on business-to-business advertising solutions. The company appears to have a stable market position as a niche player in advertising technology, founded in 2013, with a consistent domain registration history. Technically, the website uses a basic tech stack including jQuery, Bootstrap, and Google Fonts, hosted likely on AWS infrastructure as indicated by DNS records. The site lacks advanced CMS or analytics tools and shows only basic mobile optimization and accessibility features. Performance is moderate given the lightweight content and standard libraries. From a security perspective, the site has room for improvement. There are no detected security headers, DNSSEC is not enabled, and no HTTPS enforcement information is available. The domain is protected by standard registrar locks but lacks published security policies or incident response contacts. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the website is safe with no adult or questionable content, but the limited content and security features suggest a need for enhancements to improve trust, compliance, and technical robustness. Strategic recommendations include enabling DNSSEC, implementing security headers, enforcing HTTPS, and adding cookie consent to align with GDPR requirements.

Jihočeské muzeum v Českých Budějovicích is a regional cultural institution managing historical and cultural collections of the South Bohemian region. It operates multiple branches including a historic main building and specialized museums. The website presents a well-structured digital presence with detailed information on exhibitions, events, and educational programs, targeting general public and cultural enthusiasts. Technically, the site uses a custom CMS with legacy jQuery and modern tracking tools like Google Tag Manager and Facebook Pixel. The site is HTTPS secured and includes a cookie consent mechanism compliant with GDPR. However, the absence of WHOIS data and some outdated libraries slightly reduce the overall trust and security posture. No critical vulnerabilities or adult content were detected, making the site safe and professional for its audience.

K

Krajské inovační centrum Karlovarského kraje, p. o.

karp-kv.cz

49

Krajské inovační centrum Karlovarského kraje (KIC KK) is a regional innovation center focused on supporting innovation, entrepreneurship, human resources, and local potential development within the Karlovy Vary region of the Czech Republic. The organization operates as a public entity providing services such as innovation support, business financing, regional development, and community building. The website reflects a well-structured and professional digital presence with clear navigation and relevant content targeted at local businesses, researchers, and public institutions. The site is multilingual with Czech as the primary language and options for English and German.

K

Krajská hospodářská komora Karlovarského kraje

khkkk.cz

47

Krajská hospodářská komora Karlovarského kraje is a regional chamber of commerce serving the Karlovy Vary region in the Czech Republic. It acts as the official representative of entrepreneurs and provides a broad range of services including membership benefits, human resources support, education, customs and certification, international trade assistance, and networking opportunities. The organization targets local businesses and entrepreneurs, positioning itself as a key partner in regional economic development. Technically, the website is built on WordPress 6.0.11 with common plugins such as jQuery, Cycle2 slideshow, Responsive Lightbox, TablePress, and The Events Calendar. The site is moderately performant, mobile-optimized, and SEO-friendly with proper meta tags and structured data. However, some accessibility features are basic, and there is room for improvement in security headers and cookie consent mechanisms. From a security perspective, the site uses HTTPS with a good SSL configuration but lacks visible security headers and explicit incident response or security policy documentation. No vulnerabilities or exposed sensitive data were detected in the HTML content. The absence of WHOIS data reduces domain registration trustworthiness, but the presence of official company registration and VAT numbers, along with consistent branding and contact information, supports the legitimacy of the business. Overall, the website is professional, content-rich, and trustworthy for its intended audience. Strategic improvements in privacy compliance, security headers, and domain registration transparency would enhance its security posture and compliance standing.

K

Karlovarský kraj

lekarikarlovarskehokraje.cz

47

The website lekarikarlovarskehokraje.cz serves as an official informational portal supported by the Karlovarský kraj regional government, providing a comprehensive catalog of benefits for medical students and doctors in the region. It offers clear, structured content including benefit listings, news articles, job vacancies, and contact information, targeting healthcare professionals and students within the Czech Republic. The site is professionally branded with consistent government logos and messaging, reflecting its authoritative position in the regional healthcare sector. Technically, the website is built on WordPress using the Avada theme, integrating modern web technologies such as jQuery, Google Tag Manager, Google Analytics, and Facebook Pixel for analytics and marketing. Hosting and domain registration are managed by WEDOS, a reputable provider. The site demonstrates good mobile optimization, SEO practices, and accessibility features, although some improvements in accessibility and security headers could enhance its technical maturity. From a security perspective, the site enforces HTTPS with an excellent SSL configuration and employs cookie consent mechanisms aligned with GDPR requirements. However, it lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms, which are recommended for improved transparency and trust. No critical vulnerabilities or exposed sensitive data were detected, and no WAF or blocking mechanisms interfere with content accessibility. Overall, the website presents a low-risk profile with strong business credibility and compliance posture. Strategic recommendations include enhancing security headers, publishing a formal security policy, and establishing a vulnerability disclosure channel to further strengthen trust and security culture.

K

Koordinátor veřejné dopravy Zlínského kraje, s.r.o.

idzetka.cz

44

The website idzetka.cz serves as an e-commerce and informational platform for the Zetka public transport card in the Zlín Region of the Czech Republic. It offers services such as card registration, login, anonymous purchase options, and ordering new cards. The site targets residents and travelers using public transportation in the region, positioning itself as a regional transport service provider with a medium-sized operational scope. The business is relatively young, founded around 2020, and operates under the legal entity Koordinátor veřejné dopravy Zlínského kraje, s.r.o. Technically, the website employs a modern but standard technology stack including jQuery, Bootstrap, Font Awesome, and other JavaScript libraries to provide a responsive and user-friendly experience. Hosting is managed by WEDOS, a Czech hosting provider, consistent with the business location. The site demonstrates moderate performance and good mobile optimization but lacks some advanced SEO and accessibility features. From a security perspective, the site uses HTTPS and avoids exposing sensitive data in the HTML. However, it lacks explicit security headers such as Content-Security-Policy and does not provide a cookie consent mechanism, which may affect GDPR compliance. No incident response or security policy information is published, and no vulnerability disclosure or security.txt files are present. The WHOIS data is transparent and consistent with the business, supporting legitimacy. Overall, the website is professionally designed and trustworthy for its intended audience but could improve in privacy compliance and security best practices to enhance user trust and regulatory adherence.

B

Bennon

bennon.cz

48

Bennon.cz is the official e-commerce website for the Bennon brand, specializing in certified work and leisure footwear, clothing, and accessories. Established in 2009, the company has a strong market presence in the Czech Republic, targeting general consumers and professionals seeking quality workwear. The website is well-structured, mobile-optimized, and uses modern web technologies including WordPress and WooCommerce, supported by various marketing and analytics tools. Security posture is solid with HTTPS and no evident vulnerabilities, though improvements in security headers and privacy compliance are recommended. Overall, Bennon.cz presents a professional and trustworthy online retail platform with a clear business focus and consistent branding.

K

Domů • IDZK

koved.cz

44

The website www.idzk.cz represents Integrovaná doprava Zlínského kraje (IDZK), a regional integrated public transportation service provider in the Zlín region of the Czech Republic. The platform offers comprehensive services including bus and train schedule searches, fare and tariff information, a transport card system (Zetka), and an e-shop for related products. The site targets local citizens and travelers, aiming to simplify and improve regional mobility. The business model is focused on public transport integration and customer service facilitation, positioning IDZK as a key regional transportation entity. Technically, the website employs modern web technologies such as Google Web Fonts and JavaScript, with responsive design and good accessibility features. The site is served over HTTPS, ensuring secure communication. Cookie consent mechanisms and GDPR-compliant privacy policies are implemented, reflecting a mature approach to privacy and data protection. However, no advanced security headers were detected, and no explicit security or incident response policies are published. From a security perspective, the site demonstrates a solid baseline with HTTPS and privacy compliance but lacks some best practices such as security headers and vulnerability disclosure mechanisms. The absence of WHOIS data reduces domain trustworthiness, though the website content and structure appear professional and legitimate. No critical vulnerabilities or exposed sensitive data were found. Overall, the site is secure for general users but could improve transparency and security posture. The overall risk assessment is moderate with recommendations to enhance security headers, publish incident response contacts, and improve business contact transparency. The site is well-positioned in its market niche but should address WHOIS data gaps and security best practices to strengthen trust and compliance.

Taneční škola A. & A. Mědílkovi is an established dance school based in Zlín, Czech Republic, with a history spanning over 70 years. The school offers a variety of dance courses including social dance for students, adult dance classes, salsa and Latin dance for women, and children's dance and movement courses. They also provide private dance lessons and organize dance performances for events. The website is professionally designed using WordPress with popular plugins such as WPBakery Page Builder and Slider Revolution, indicating a moderate level of digital maturity. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Security posture is solid with HTTPS enabled and no visible vulnerabilities, but lacks some security headers and formal privacy and cookie policies, which are areas for improvement. WHOIS data is unavailable, which raises some concerns about domain registration transparency. Overall, the business appears legitimate and well-positioned in the local education sector, but should enhance privacy compliance and domain registration transparency to improve trust and security.

The website horkyzeslize.sk is currently inaccessible, returning a 403 Forbidden error page which blocks access to any meaningful content or business information. The domain is registered since 2003 with a Slovak registrar and uses Slovak name servers, indicating a legitimate and long-standing domain. However, the lack of accessible content prevents any detailed analysis of the business, services, or compliance posture. The hosting provider is websupport.sk, a known Slovak hosting service. Due to the blocked content, no metadata, forms, or scripts could be analyzed, and no privacy or security policies were found. The security posture cannot be assessed beyond the fact that the site is inaccessible, which itself is a critical issue for user trust and business operations.

Krajská galerie výtvarného umění ve Zlíně is a regional art gallery based in Zlín, Czech Republic, focused on visual arts exhibitions, educational programs, and cultural events. The website serves as an information portal for visitors, schools, and art enthusiasts, providing details about current and upcoming exhibitions, programs for children and schools, and access to online galleries and publications. The institution holds a recognized position in the regional cultural landscape with partnerships including Baťův institut and the Zlínský kraj regional authority. Technically, the website uses a traditional JavaScript framework (MooTools) and Google Fonts, with a moderate performance profile and basic mobile optimization. The site is served over HTTPS with a valid SSL configuration, but lacks advanced security headers, which presents an opportunity for security enhancement. The cookie consent mechanism is implemented, supporting GDPR compliance, and privacy policies are clearly linked. From a security perspective, the site shows a good baseline posture with no visible vulnerabilities or exposed sensitive data. However, the absence of WHOIS data limits the ability to fully verify domain legitimacy and ownership details, slightly reducing trust. No incident response or vulnerability disclosure information is provided, which could be improved to enhance security transparency. Overall, the website is professional, trustworthy, and serves its cultural mission effectively. Strategic improvements in security headers, WHOIS transparency, and incident response readiness would strengthen its security posture and trustworthiness further.

H

Hokejový klub Tigers Zlín a.s.

tigerszlin.cz

45

Hokejový klub Tigers Zlín a.s. operates a professional and regionally focused hockey club website serving fans, players, and the local community in the Czech Republic. The site provides comprehensive information about the club's activities, youth teams, match reports, and merchandise offerings, positioning itself as a central hub for Tigers Zlín supporters and participants. The business model centers on sports club operations, youth training, and fan engagement through merchandise sales and event promotion. Technically, the website employs a modern but straightforward technology stack including jQuery, Slick Carousel, and LightGallery for interactive content presentation. Hosting is provided by a Czech hosting provider, and the site is mobile-optimized with good SEO practices. However, accessibility features are basic, and no major CMS or frameworks are detected. From a security perspective, the site uses HTTPS and implements a detailed cookie consent mechanism compliant with GDPR principles. However, it lacks explicit security headers and does not provide a dedicated privacy policy or incident response contact information, which are areas for improvement. No vulnerabilities or exposed sensitive data were detected in the provided content. Overall, the website is professionally designed and functional with moderate security and privacy compliance. Strategic enhancements in security headers, privacy documentation, and incident response readiness would strengthen its posture and trustworthiness.

M

Pronájem nafukovacích atrakcí | mojeZabavneAtrakce.cz

mojezabavneatrakce.cz

43

mojezabavneatrakce.cz is a Czech-based small business specializing in the rental of inflatable and entertainment attractions for children and adults, targeting family events, corporate functions, and community celebrations across the Czech Republic and Slovakia. The company emphasizes direct ownership of its attractions, guaranteeing service reliability and offers free delivery for large orders. The website is professionally designed with clear navigation and provides essential contact information, including phone and obfuscated email addresses, enhancing user trust. Technically, the site uses a legacy jQuery version alongside modern tools like Google Tag Manager and NetteForms, indicating a moderate level of digital maturity. However, the absence of updated security headers and cookie consent mechanisms suggests room for improvement in compliance and security posture. The WHOIS data is unavailable, likely due to privacy protection, which slightly reduces transparency but does not detract significantly from the business credibility given the consistent website content and contact details. Overall, the site is safe, family-friendly, and functional, with moderate security and privacy compliance levels.

CREAM SICAV, a.s. operates the CREAM Group, a medium-sized real estate investment and development company focused on brownfield redevelopment, residential and commercial real estate, and logistics in the Czech Republic and Slovakia. The company has a strong market position with a portfolio valued at billions of CZK and ongoing significant projects such as Bata Areal and Living Beskydy. Their business model centers on sustainable growth and community benefit, targeting investors, tenants, and business partners. The website reflects a professional and consistent brand image with clear navigation and relevant content.

J

Jedu na dřeň

jedunadren.cz

42

Jedu na dřeň is a Czech non-profit campaign focused on bone marrow donor registration and raising awareness about the importance of saving lives through bone marrow donation. The website presents a well-established regional initiative with over 10 years of activity, supported by local government and sponsors. It targets the general public in the Czech Republic, encouraging them to register as donors and participate in related events. Technically, the site is built on WordPress using the Divi theme, with modern tracking and consent management tools such as Matomo Analytics and Complianz GDPR Cookie Consent. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security posture is solid with HTTPS enforced and cookie consent implemented, though some security headers could be improved. No critical vulnerabilities or exposed sensitive data were detected. Overall, the domain registration data aligns well with the website's claims, supporting its legitimacy and trustworthiness.

Z

Zlínská liga železných hasičů

zlzh.cz

48

Zlínská liga železných hasičů is a regional sports league in Czechia focused on Tough Firefighter Athlete (TFA) competitions. Founded in 2017, it organizes multiple annual events for firefighter athletes with categories for men, women, and masters. The website serves as a community hub providing event information, news, results, and contact details. Technically, the site uses a modern but basic stack including jQuery, Bootstrap, Font Awesome, Owl Carousel, Chart.js, and the Nette PHP framework. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Security posture is moderate with no detected advanced security headers or incident response contacts, and no privacy policy or terms of service published, which are compliance gaps. The domain registration data is consistent with the business history and regional focus, supporting legitimacy. Overall, the website is functional and trustworthy but would benefit from improved security and privacy compliance measures.

Č

Českomoravská myslivecká jednota

cmmj.cz

45

Českomoravská myslivecká jednota (ČMMJ) is a Czech non-profit organization dedicated to hunting and wildlife management. The website serves as an information portal for members and partners, providing organizational details, partner listings, and contact information. The organization maintains an active presence on major social media platforms, enhancing community engagement. Technically, the website is built on WordPress using a modern theme and plugins, ensuring a responsive and user-friendly experience. Security measures include HTTPS enforcement, security headers, and use of reCAPTCHA to protect forms. Privacy and cookie policies are present and indicate GDPR compliance. However, the absence of WHOIS data due to privacy protection limits domain registration transparency. Overall, the site is professional, secure, and trustworthy, serving its target audience effectively.

Moravia Events s.r.o. is a small regional sports and event agency based in the Czech Republic, specializing in organizing running and cycling events primarily in the Moravia region. The company offers event management services including chip timing and operates several sports projects and races. The website reflects a professional and consistent brand presence with clear navigation and relevant content targeted at sports enthusiasts and families interested in regional sports events. Technically, the site uses modern JavaScript libraries and frameworks, including jQuery, Moment.js, and Swiper.js, with a focus on mobile responsiveness and user experience. Security posture is adequate with HTTPS enforced and a comprehensive cookie consent mechanism, although explicit security headers and policies are not evident. The domain registration data aligns well with the business information, supporting legitimacy. Overall, the site is trustworthy, compliant with GDPR, and provides clear contact and partner information.

B

Baxter

baxter.it

47

Baxter is a premium Italian furniture manufacturer specializing in handcrafted leather sofas, armchairs, beds, chairs, and accessories. The company positions itself as a luxury brand emphasizing artisanal quality and unique design, targeting consumers and businesses seeking high-end Italian designer furniture. The website supports multiple languages, indicating a global market reach. Technically, the site is built on modern frameworks such as Nuxt.js and Vue.js, hosted on Azure CDN, and incorporates performance and user experience best practices including mobile optimization and SEO. Security-wise, the site enforces HTTPS and uses cookie consent management but lacks explicit security headers and published security policies. No critical vulnerabilities or suspicious content were detected. Overall, the site demonstrates a mature digital presence with room for improvement in privacy and security transparency.

sevenmedia s.r.o. is a small media sector company based in Ostrava, Czech Republic, with a domain registered since 2005. The website primarily serves as a corporate presence providing contact details and a visual slideshow, indicating a focus on media or creative services. The technical infrastructure is basic, utilizing jQuery 2.1.3 and the Vegas slideshow plugin, hosted likely by WEDOS, a Czech hosting provider. Mobile optimization and SEO are minimal, and no CMS or advanced frameworks are detected. Security posture is limited, with no visible security headers or privacy policies, and no evidence of HTTPS enforcement from the provided data. The website does not include forms or data collection mechanisms, reducing immediate data protection concerns but also indicating limited interactivity. Overall, the site is functional but basic, with room for significant improvements in security, privacy compliance, and technical modernization.

G

Groupe Exercice, Réadaptation, Sport et Prevention (GERS-P) de la Société Française de Cardiologie (SFC)

congres-gers.fr

41

The website congres-gers.fr represents the 29th National Days of the Groupe Exercice, Réadaptation, Sport et Prevention (GERS-P), part of the French Society of Cardiology. It serves as an information and registration portal for healthcare professionals interested in cardiology, rehabilitation, and sport prevention. The site is professionally designed, consistent in branding, and provides clear navigation to event details, abstracts, partnership opportunities, and archives of past presentations. The target audience is primarily medical professionals and researchers in France. Technically, the site is built on WordPress using popular themes and plugins, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS enabled but lacks some security headers and visible privacy compliance mechanisms. Contact information is clearly presented, including phone, email, and social media links. The domain registration is consistent and legitimate, supporting the site's credibility.

The website 'RYTHMOLOGIE' appears to be a small healthcare-related site targeting healthcare professionals in France. The content is minimal, consisting mainly of a landing page asking visitors if they are healthcare professionals, with navigation to 'oui.php' or 'non.html'. The domain was registered in 2022 and is consistent with the website's French healthcare focus. The technical infrastructure is basic, using Bootstrap CSS from a CDN and hosted under a domain registered with GANDI. There is no evidence of advanced CMS or analytics tools. Security posture is weak, with no visible security headers or privacy policies, and no HTTPS status confirmed from the data provided. No contact information or forms collecting personal data are present, limiting privacy compliance. Overall, the site is functional but minimalistic, with room for significant improvements in security, privacy, and content richness.

E

EUMS - European Mechanical Circulatory Support Summit

congresseums.com

43

The website www.congresseums.com represents the European Mechanical Circulatory Support Summit (EUMS) combined with the Bellvitge University Hospital's international course on mechanical circulatory support and advanced heart failure technologies. It serves as a professional platform for event registration, program details, abstract submissions, and sponsorship opportunities targeting healthcare professionals and researchers in the cardiac support field. The site is well-structured, visually professional, and provides comprehensive contact and compliance information, including GDPR and cookie consent mechanisms. Technically, it is built on WordPress with modern plugins and libraries, ensuring good performance and mobile responsiveness. Security posture is solid with HTTPS and cookie consent, though explicit security headers and incident response policies are not evident. The absence of WHOIS data is a notable anomaly, potentially indicating privacy protection or recent domain registration, which slightly impacts trust. Overall, the site is credible, professional, and suitable for its target audience.

G

Genesis - Paris

congresgenesis.fr

48

Genesis - Paris is a professional annual congress focused on women's health, targeting healthcare professionals such as doctors, pharmacists, and midwives. The event covers scientific and societal topics related to women's neurological and gynecological health, with expert speakers and a comprehensive program. The website is built on WordPress using popular plugins for content management and presentation. It features a cookie consent mechanism and uses Google Analytics for visitor tracking. However, it lacks published privacy and terms of service policies, which are important for compliance. Security posture is adequate with HTTPS and no visible vulnerabilities, but could be improved with additional security headers and published policies. Overall, the site presents a professional and trustworthy image consistent with its domain registration and business focus.

S

Société Française de Thrombose et d'Hémostase

congres-hemostase.com

41

The website www.congres-hemostase.com serves as the official platform for the French Society of Thrombosis and Hemostasis congress. It provides comprehensive information about the event including program details, committees, abstract submissions, registration, partnerships, practical information, and news updates. The target audience primarily consists of healthcare professionals, researchers, and clinicians specializing in thrombosis and hemostasis. The business model is that of a non-profit professional society organizing scientific congresses. The site is professionally designed with consistent branding and good content quality, supporting its position as a specialized national congress organizer in the healthcare sector. Technically, the website is built on WordPress using popular plugins such as WPBakery Page Builder, Slider Revolution, and Ultimate VC Addons. It employs modern web technologies including jQuery and MediaElement.js for video playback, and Google Fonts for typography. The site is mobile optimized with good navigation clarity and basic accessibility features. Performance is moderate with some media playback issues noted. From a security perspective, the site enforces HTTPS and implements a cookie consent mechanism, indicating awareness of privacy compliance. However, no explicit privacy policy or terms of service pages were detected, and no security headers were found in the provided data, which are areas for improvement. The WHOIS lookup failed to retrieve domain registration details, which raises some concerns about transparency but does not necessarily indicate illegitimacy given the professional nature of the site content. Overall, the website presents a low risk profile with good professionalism and trustworthiness. Strategic recommendations include adding comprehensive privacy and terms policies, improving security headers, resolving media playback issues, and enhancing accessibility to strengthen compliance and user experience.

C

Congrès CNGE

congrescnge.fr

43

The Congrès CNGE website represents a well-established French medical congress focused on general medicine practice and education. It serves a professional audience of healthcare practitioners and academics, providing detailed program information, participant statistics, and event logistics. The site is built on WordPress with a modern tech stack including popular plugins and tracking tools. It demonstrates good digital maturity with mobile optimization, GDPR compliance, and clear contact information. Security posture is generally sound with HTTPS and cookie consent mechanisms, though it lacks some advanced security headers and explicit incident response policies. The absence of WHOIS domain registration data is a notable gap that impacts trust assessment. Overall, the site is professional and trustworthy but would benefit from enhanced security transparency and domain registration clarity.

C

CAPSO

capso.fr

40

CAPSO is a specialized healthcare event organizer focusing on critical care organ support, hosting an annual scientific congress in France since 2013. The website serves as a professional platform for event information, partner showcasing, and participant engagement. Technically, the site is built on WordPress with modern plugins and integrates Google Analytics for visitor insights. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers could be improved. Contact and privacy information are clearly provided, supporting GDPR compliance. Overall, the site reflects a mature digital presence appropriate for its niche healthcare audience.

A

anji s.r.o.

24safestorage.cz

45

24SAFE STORAGE is a luggage storage service operating in the heart of Prague, offering 24/7 access and secure lockers for travelers. The company targets tourists and visitors who need a safe place to store their belongings while exploring the city. Their business model focuses on convenience, security, and affordability, supported by positive customer reviews and insurance guarantees. The website is professionally designed with clear navigation and a modern tech stack including React and Next.js, integrated with Google Maps and Google Tag Manager for enhanced user experience and analytics. Security posture is strong with HTTPS, security headers, and GDPR-compliant data collection via contact forms. No critical vulnerabilities or suspicious patterns were detected, and the domain registration aligns well with the business claims, indicating legitimacy and trustworthiness.

W

World Ovarian Cancer Coalition

worldovariancancercoalition.org

41

The World Ovarian Cancer Coalition is a Canadian-based non-profit organization established in 2016, dedicated to global advocacy, awareness, and research collaboration focused exclusively on ovarian cancer. The website serves as a comprehensive resource hub for patients, advocates, healthcare professionals, and researchers, offering educational content, study results, and global partnership information. The organization positions itself uniquely as the only global coalition focused solely on ovarian cancer, working with nearly 200 patient advocacy groups worldwide. Technically, the website is built on WordPress using a modern theme framework (FoundationPress) and integrates multiple plugins and third-party services such as Google Tag Manager, Facebook SDK, Iubenda for privacy compliance, and AddToAny for social sharing. The site is mobile-optimized with good SEO and accessibility basics, though some improvements in accessibility and security headers could be made. Hosting is provided by a reputable registrar, Netregistry Wholesale Pty Ltd. From a security perspective, the site enforces HTTPS and uses reputable privacy and cookie management services, indicating a strong privacy posture. However, it lacks explicit security headers and a published security policy or incident response contact, which are recommended for enhanced security maturity. No vulnerabilities or suspicious activities were detected in the content or scripts. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations such as GDPR. It effectively supports its mission through clear navigation, quality content, and integration with social media and analytics tools. Strategic recommendations include enhancing security headers, enabling DNSSEC, and publishing a vulnerability disclosure policy to further strengthen trust and security posture.

The website goodid.net currently serves a 403 Forbidden error page, indicating that access to the site content is blocked or restricted. Due to this, no business descriptive content, contact information, or policies are accessible for analysis. The domain is registered since 2014 with GoDaddy.com, LLC and uses AWS DNS servers, suggesting a legitimate registration and hosting setup. However, the lack of accessible content and absence of security or privacy policies significantly limits the ability to assess the company's business model, services, or compliance posture. The site does not expose any scripts, analytics, or tracking technologies in the accessible content. Overall, the website is currently non-functional for public users and provides no visible trust or security indicators.

W

Wáberer Movement Lab

wml.zone

39

Wáberer Movement Lab is a Hungarian fitness and wellness business focused on longevity and scientifically based training programs. The website presents a professional and comprehensive offering including group and personal training, physiotherapy, and health assessments. The technical infrastructure is based on WordPress with Elementor, using modern JavaScript libraries and tracking tools such as Google Tag Manager and Facebook Pixel. Security posture is good with HTTPS enforced, but lacks explicit security headers and visible privacy or cookie policies. The WHOIS data is privacy protected, which is common and justified for this business type. Overall, the website is well-designed, content-rich, and trustworthy, serving a health-conscious audience in Budapest.

W

Waberer Medical Center

robotsebeszem.hu

43

Robotsebészem.hu is a Hungarian private healthcare website specializing in robot-assisted surgeries, operated by Waberer Medical Center. The site positions itself as a pioneer in private robot-assisted surgeries in Hungary, offering services in urology, gynecology, and general surgery. The target audience is local patients seeking advanced surgical options. The website is professionally designed, mobile-optimized, and uses modern web technologies including WordPress, Revolution Slider, and Gravity Forms for user engagement and data collection. Social media integration and a newsletter signup enhance user interaction. Security posture is solid with HTTPS and secure forms, though some improvements are recommended such as adding security headers and explicit cookie consent mechanisms. The domain registration is recent but consistent with the business launch, and no suspicious WHOIS data is present. Overall, the website demonstrates good business credibility and technical maturity with room for enhanced privacy compliance.

C

Central Dent Clinic

centraldentclinic.hu

46

Central Dent Clinic is a private dental and medical clinic located in the heart of Budapest, Hungary. The website presents a professional and comprehensive overview of their services, including diagnostics, dental hygiene, conservative treatments, periodontology, fixed prosthetics, oral surgery, and implants. The clinic targets patients seeking high-quality private healthcare services with a focus on convenience and expertise. The site is well-structured with clear navigation, professional design, and integrated appointment booking via a partner platform. Technically, the site is built on WordPress using Elementor and Yoast SEO, with modern analytics and marketing tools such as Google Tag Manager, Microsoft Clarity, and OptiMonk. Security posture is good with HTTPS enabled and no obvious vulnerabilities, though security headers and policies could be improved. Privacy compliance is partial, with a cookie consent mechanism present but no visible privacy policy or terms of service. WHOIS data shows inconsistencies with a future domain creation date, which warrants verification. Overall, the site is trustworthy and professional but could enhance compliance and security transparency.

The website at fllam.lu is currently inaccessible, returning a 403 Forbidden error page that blocks access to any meaningful content. This prevents extraction of business, contact, or policy information. The domain uses EuroDNS nameservers, indicating professional DNS hosting, but no further registrant details are available. The site lacks privacy, cookie, or terms of service policies, and no contact information or interactive forms are present. Technically, the site loads minimal external resources (Google Fonts) but does not reveal any scripts, analytics, or security headers. The security posture is weak due to lack of HTTPS details and absence of security best practices. Overall, the site appears to be either restricted intentionally or misconfigured, limiting trust and usability.

F

Fórum dárců

cenyforadarcu.cz

44

Fórum dárců operates a website dedicated to the 'Ceny Fóra Dárců' awards, recognizing significant public benefit projects and philanthropic efforts in the Czech Republic. The organization is a well-established national donor forum with over 20 years of experience and a strong partnership network including government bodies and major institutions. The website provides event news, award information, and partner details, targeting non-profit organizations, donors, and socially responsible companies. Technically, the site uses a custom PHP-based CMS with jQuery and Google Fonts, and implements cookie consent mechanisms to comply with privacy regulations. However, it lacks a dedicated privacy policy page and explicit contact information, which are areas for improvement. Security posture is moderate with HTTPS enabled but missing security headers and incident response contacts. Overall, the site is professional, trustworthy, and content-rich, serving its audience effectively.

A

ATS Praha s.r.o.

atspraha.cz

47

ATS Praha s.r.o. is a well-established Czech company specializing in mobile marketing, bulk SMS/MMS services, online payment solutions, and consumer contests. Operating since 1997, the company has built strong partnerships with mobile operators and serves businesses seeking effective mobile communication and payment methods. Their service portfolio includes premium SMS, voice services, donor SMS projects, and corporate solutions, positioning them as a key player in the telecommunications sector in the Czech Republic and Slovakia. The website reflects a professional and consistent brand image with clear service descriptions and contact options. Technically, the site uses a mix of legacy and modern technologies, including jQuery, Google Analytics, and asynchronous APIs, with moderate performance and good mobile optimization. Security posture is solid with HTTPS and reCAPTCHA integration, though some improvements are recommended such as updating libraries and adding security headers. The absence of WHOIS data slightly impacts trust but the overall business credibility remains high. Privacy compliance is basic with a privacy policy PDF available but no cookie consent banner. Overall, ATS Praha demonstrates a mature digital presence aligned with its business operations.

F

Fórum dárců

donorsforum.cz

44

Fórum dárců is a well-established Czech non-profit organization acting as a national forum for donors, foundations, and charitable activities. The website provides extensive information about its members, projects, events, and related portals, positioning itself as a key player in the Czech charitable sector. Technically, the site uses modern web technologies including HTTPS, jQuery, FontAwesome, and Google Analytics, ensuring a functional and responsive user experience. However, the absence of WHOIS data for the domain raises concerns about domain registration transparency and legitimacy verification. Security posture is generally good with HTTPS and no visible vulnerabilities, but the lack of security headers and explicit privacy/cookie policies indicates room for improvement. Overall, the site is professional, content-rich, and trustworthy from a business perspective, but would benefit from enhanced privacy compliance and domain registration transparency.

A

Atelier National de Recherche Typographique

anrt-nancy.fr

45

The Atelier National de Recherche Typographique (ANRT) is a specialized academic institution based in Nancy, France, focused on advanced typographic research and education. It operates as a 3rd cycle program under the École nationale supérieure d’art et de design de Nancy, offering a two-year research diploma and doctoral partnerships. The website reflects a niche educational entity with a clear focus on typography and design research, targeting students and researchers worldwide. Technically, the site uses modern JavaScript libraries such as jQuery and Flickity for UI elements, hosted by PLANETHOSTER, and shows moderate performance and good mobile optimization. Security posture is moderate with HTTPS implied but lacks visible security headers and formal privacy or cookie policies, indicating room for compliance improvement. Overall, the site is professional and trustworthy but could enhance privacy and security transparency.

T

Type@Cooper

typographics.com

46

Typographics 2025 is an established annual design festival focused on typography, organized by Type@Cooper and hosted at The Cooper Union in New York City. The event includes conferences, workshops, book fairs, and informal talks, targeting design professionals, educators, and enthusiasts. The website presents a professional and well-structured digital presence with clear navigation and rich content. Technically, it uses modern web technologies including HTML5, CSS3, JavaScript, jQuery, and Matomo analytics, ensuring good performance and mobile optimization. Security posture is solid with HTTPS and secure form handling, though improvements are recommended in security headers and privacy compliance. Overall, the site is trustworthy, safe, and credible, supported by reputable sponsors and institutional partners.

The website revvhost.com currently serves a default test page indicating an active SiteWorx hosting account for razzlesnap.com. The content is minimal and does not represent an active business or service offering. The domain is registered with Porkbun LLC since 2005 and is valid until 2026, indicating a legitimate registration but no active website presence. The technical infrastructure appears basic with no advanced technologies, no CMS detected, and no security or privacy policies implemented. Security posture is weak due to lack of HTTPS and security headers. Overall, the site is not currently operational as a business website and lacks essential compliance and security features.

I

International Gynecologic Cancer Society

igcs.org

45

The International Gynecologic Cancer Society (IGCS) operates a professional and content-rich website dedicated to advancing gynecologic cancer care worldwide. The organization serves a global audience of clinicians, researchers, and healthcare professionals, offering membership benefits, educational resources, and hosting annual global meetings. The website reflects a mature digital presence with a consistent brand and professional design, supporting its position as a leading multidisciplinary society in the healthcare sector. Technically, the website is built on WordPress with modern plugins such as Yoast SEO and Visual Composer, and it leverages Cloudflare for DNS services. The site is mobile-optimized and employs SEO best practices, though performance is moderate. Security measures include HTTPS and domain transfer protection, but DNSSEC is not enabled, and security headers are not evident in the provided data. From a security perspective, the site demonstrates a good baseline posture with HTTPS and reputable domain registration. However, the absence of explicit privacy policies, terms of service, security policies, and incident response contacts indicates gaps in compliance and transparency. No WAF or blocking mechanisms were detected, and no adult or explicit content is present, making the site safe for general audiences. Overall, the website scores well in business credibility and technical implementation but should improve privacy compliance and security transparency to enhance trust and regulatory adherence.

The website uscap.org is currently inaccessible, returning a 403 Forbidden error page. This indicates that access to the content is restricted, likely by Cloudflare's security mechanisms as evidenced by the use of Cloudflare nameservers. Due to this restriction, no meaningful content, metadata, or business information is available for analysis. The domain is well-established, created in 1998 and registered via GoDaddy, with no suspicious WHOIS patterns detected. However, the lack of DNSSEC and security headers suggests room for improvement in domain and website security configurations. Overall, the website's digital presence is currently blocked, limiting the ability to assess its business model, services, or compliance posture.

P

PIPNI s.r.o.

pipni.cz

43

PIPNI s.r.o. is a Czech-based hosting provider established in 2001, offering a comprehensive suite of hosting services including WebHosting, VPS, VirtualBox, and domain registration. The company positions itself as a modern and reliable hosting provider with a strong market presence, hosting over 50,000 domains and more than 1,000 virtual servers. Their business model focuses on providing automated, secure, and scalable hosting solutions primarily targeting individuals and businesses in need of Linux-based hosting platforms. The website is professionally designed, well-structured, and provides clear pricing and service information in Czech with an English language option. Technically, the website employs a variety of JavaScript libraries such as jQuery and Sequence.js to enhance user experience and interactivity. Hosting is self-managed, with a focus on Linux platforms and SSD storage options. The site is mobile optimized and SEO friendly, though accessibility features are basic. Security practices include HTTPS with free SSL certificates and an emphasis on ISO certifications, but lack explicit security headers and cookie consent mechanisms. From a security perspective, the website demonstrates a moderate security posture with no visible vulnerabilities or exposed sensitive data. However, improvements are recommended in implementing security headers, cookie consent, and publishing incident response or vulnerability disclosure policies. The WHOIS data confirms the legitimacy of the domain and company, showing consistent registration details aligned with the business claims. Overall, PIPNI s.r.o. presents a trustworthy and professional hosting service with room for enhancement in privacy compliance and security best practices. Strategic recommendations include adopting comprehensive cookie consent, enhancing security headers, and formalizing vulnerability disclosure processes to strengthen their security and compliance posture.

The website emblemprague.com is currently inaccessible, returning a 403 Forbidden error page that blocks access to any meaningful content. The domain is registered since 2013 with Tucows Domains Inc., indicating a potentially established business, but no business or contact information is available on the website itself. The lack of privacy, cookie, or terms of service policies further limits the ability to assess compliance or user engagement. Technically, the site lacks DNSSEC and security headers, and no analytics or tracking scripts are detected. Overall, the website's digital presence is minimal and blocked, resulting in a low content quality and poor user experience.