High-risk security reports

T

Tourist Board Špindlerův Mlýn, z.s.

touristboard.cz

49

Tourist Board Špindlerův Mlýn, z.s. is a non-profit destination management organization dedicated to promoting tourism in the Špindlerův Mlýn area and the broader Krkonoše region. Supported by the city and key tourism operators, it focuses on marketing, tourism projects, and event organization to enhance the visitor experience and regional development. The website is professionally designed, mobile-optimized, and provides clear information about the organization's mission and activities, targeting tourists and local stakeholders.

F

FT Sun s.r.o.

ftsun.cz

46

FT Sun s.r.o. is a Czech digital agency specializing in data-driven digital services including application development, e-marketing, photo and video production, graphic design, and e-shop solutions. The company targets businesses seeking pragmatic and technologically standardized digital partners. The website presents a professional image with clear service offerings and a focus on GDPR compliance. Technically, the site uses modern web technologies such as Bootstrap, Owl Carousel, Google Analytics, Google Tag Manager, Facebook Pixel, and reCAPTCHA to enhance user experience and security. Security posture is solid with HTTPS enforced and consent mechanisms in place, though the absence of security headers and WHOIS data reduces overall trust. The domain WHOIS data is missing, which is a concern for domain legitimacy but the website content and business information appear consistent and professional. Overall, the site is well-structured, user-friendly, and compliant with privacy regulations, making it a credible digital agency in the Czech market.

4

42 Wolfsburg

42wolfsburg.de

45

42 Wolfsburg is a specialized software development school that is part of the global 42 network, offering bachelor and master level education in software development. The website presents a professional and modern digital presence built on WordPress with Elementor, targeting prospective students and the tech education market. The technical infrastructure is solid, leveraging modern web technologies and performance optimizations, with good mobile responsiveness and SEO practices. Security posture is generally good with HTTPS enforced and privacy consent mechanisms implemented, though explicit privacy and security policies are not published. No critical vulnerabilities or suspicious content were detected, indicating a trustworthy and safe platform. Overall, the site reflects a credible educational institution with room for improvement in transparency and security documentation.

The website 42yerevan.am is currently inaccessible, presenting a 403 Forbidden error page that blocks access to any business or service content. The domain is registered since 2019 with a reputable registrar, but no business information, contact details, or policies are available on the site. The lack of accessible content and absence of privacy, cookie, or terms of service policies indicate a very low digital maturity and poor user experience. Technically, the site only loads Google Fonts externally and does not provide any security headers or SSL configuration details in the provided data. This severely limits the ability to assess the security posture or compliance status. Overall, the site is not currently functional for end users or business purposes.

I

Innovation Academy

42seoul.kr

46

42 Seoul is an innovative software education program based in South Korea, operated by the Innovation Academy. The program offers tuition-free, self-directed learning aimed at cultivating top-tier software developers. The website reflects a medium-sized educational entity with a clear focus on growth, mentorship, and practical experience through collaborations with various companies. The business model emphasizes accessibility and challenge-driven learning without traditional academic constraints. Technically, the website employs a custom CMS with a technology stack including jQuery, Slick Carousel, Google Fonts, and Google Analytics, hosted via Megazone and utilizing Cloudflare DNS. The site is mobile-optimized with good SEO practices, though some accessibility features are basic. Performance is moderate, and the site uses HTTPS with a secure domain registration status. From a security perspective, the site enforces HTTPS and uses Cloudflare nameservers, but lacks visible security headers and a cookie consent mechanism, which are areas for improvement. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic, with a comprehensive privacy policy present but no explicit cookie consent. Contact information is clearly provided, enhancing business credibility. Overall, the website is trustworthy, professional, and well-aligned with its educational mission. Strategic improvements in security headers and privacy compliance would further strengthen its posture and user trust.

B

Bábolna város hivatalos honlapja

babolna.hu

31

Bábolna.hu is the official municipal website of Bábolna city in Hungary, providing comprehensive information about the city's history, government, tourism, cultural life, and current events. The site targets residents, visitors, and stakeholders interested in local governance and community activities. It serves as a digital portal for municipal announcements, event information, and public resources, positioning itself as a trusted source of official city information. Technically, the website is built on the WordPress CMS platform, utilizing the Yoast SEO plugin for search engine optimization and Google Fonts for typography. The site demonstrates moderate performance with good mobile optimization and basic accessibility features. The use of HTTPS ensures secure communication, and structured data via JSON-LD enhances search engine understanding. However, no advanced frameworks or hosting details are evident from the HTML content. From a security perspective, the site benefits from HTTPS encryption and lacks visible vulnerabilities or exposed sensitive data. However, it lacks visible security headers and does not provide privacy or cookie policies, which are critical for GDPR compliance. No incident response or vulnerability disclosure information is present, and contact details for security matters are absent. These gaps represent areas for improvement to enhance trust and compliance. Overall, the website is professional, trustworthy, and well-branded, but it would benefit from improved privacy compliance, explicit security policies, and enhanced transparency regarding data protection and incident handling to strengthen its security posture and regulatory adherence.

The Global TV Group is an international coalition of broadcasters and sales houses trade bodies across multiple continents, focused on promoting television as an effective advertising and media platform. The website serves as an informational and advocacy platform, hosting webinars, industry news, and member information. The technical infrastructure is based on WordPress with a modern plugin ecosystem including Slider Revolution and Contact Form 7, providing a responsive and professional user experience. Security posture is adequate with HTTPS enabled and no obvious vulnerabilities, though security headers and policies could be improved. The absence of WHOIS data for the domain is a notable concern, reducing trust in domain legitimacy despite the professional presentation. Privacy and cookie policies are missing, which impacts compliance and user trust. Overall, the site is functional and credible within its niche but would benefit from enhanced transparency and compliance documentation.

A

Ajurvédská Univerzita Praha

ayurveda-online.net

47

Ayurveda-online.net is a small, niche educational website sponsored by the Ajurvédská Univerzita Praha, providing free access to classical Ayurvedic and spiritual literature. The site targets students, researchers, and practitioners interested in Ayurveda and related disciplines. It operates as a non-commercial resource with a focus on educational content rather than commercial services. Technically, the website is simple, built with static HTML and CSS, and hosted on a registrar-associated infrastructure with DNS servers in the Czech Republic. The site is mobile responsive but lacks advanced technical features or CMS integration. Security posture is moderate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers. No privacy or cookie policies are present, and no contact information or forms are provided, limiting user engagement and compliance maturity. Overall, the site is trustworthy for its educational purpose but could improve in security and privacy compliance.

A

ajur.cz

ajur.cz

46

ajur.cz is a Czech Republic-based website focused on Ayurvedic health consultations, education, and e-commerce. The business combines traditional Ayurveda with modern medical knowledge, offering consultations by qualified practitioners and selling Ayurvedic herbs, spices, and literature through an online shop. The site also promotes the Ayurvedic University in Prague and related activities, targeting individuals interested in holistic health and Ayurveda. Technically, the website is built on WordPress using common plugins such as Contact Form 7 and Elementor, hosted on cesky-hosting.eu. The site is mobile-optimized with moderate performance and basic SEO and accessibility features. Security posture is adequate with HTTPS enabled but lacks advanced security headers and explicit privacy or cookie policies, representing compliance gaps. No WAF or blocking mechanisms are detected, and no suspicious content or vulnerabilities are apparent. Overall, the site is trustworthy and professional but could improve privacy compliance and security hardening.

R

Roklen Fin a.s.

roklen.cz

48

Roklen Fin a.s. is a Czech financial group established in 2014, offering a broad range of financial services including corporate finance, investment services, currency exchange, securities trading, and financial news. The group operates multiple specialized brands targeting companies and private individuals, positioning itself as a leading fintech and financial advisory group in the Czech Republic. The website is professionally designed with clear navigation and consistent branding, reflecting a mature digital presence. Technically, the site uses modern JavaScript libraries and lazy loading for performance, but lacks some advanced security headers and explicit privacy compliance features. Security posture is generally good with HTTPS enforced and no visible vulnerabilities, but improvements are recommended in privacy policy publication and security header implementation. Overall, the site is trustworthy and business credible, though privacy compliance and security transparency could be enhanced.

A

Autosklo Hleďa

hleda.cz

45

Autosklo Hleďa is a regional automotive service provider based in the Czech Republic, specializing in automotive glass repair and replacement, air conditioning servicing, tire services, general auto repair, and vehicle rental. The company operates multiple branches in key cities such as Vyškov, Kroměříž, Prostějov, and Šumperk, targeting vehicle owners in the Střední Morava region. Their website reflects a professional and consistent brand presence with clear service offerings and contact information. Technically, the website employs modern web technologies including Bootstrap, jQuery, and Google Tag Manager, ensuring a responsive and user-friendly experience. Privacy compliance is addressed with a GDPR-compliant privacy policy and cookie consent mechanisms. Security posture is moderate, with HTTPS usage and some best practices observed, but lacks explicit security headers and incident response information. The absence of WHOIS data for the domain is a notable concern for domain legitimacy verification, though the website content and business operations appear credible and trustworthy. Overall, the website scores well in content quality, technical implementation, and business credibility, with room for improvement in security and domain registration transparency.

C

cistirna-matraci.cz

cistirna-matraci.cz

45

The website cistirna-matraci.cz represents a small local business specializing in mattress cleaning and disinfection services in Prague and across the Czech Republic. The company offers a variety of cleaning methods including UV-C, ozone, and soda cleaning, targeting consumers seeking hygienic mattress maintenance. The website is built on WordPress using the Divi theme, incorporating modern SEO practices and cookie consent mechanisms, indicating a moderate level of digital maturity. However, the absence of a privacy policy and terms of service documents highlights compliance gaps that should be addressed. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks advanced security headers and incident response contacts. Overall, the site is professional and trustworthy for its business scope but would benefit from enhanced compliance and security documentation.

C

COFFEEBREAK s.r.o.

coffee-break.cz

45

COFFEEBREAK s.r.o. is a well-established Czech company specializing in the authorized distribution of premium coffee brands such as Lavazza, alongside professional coffee machines, syrups, teas, and other gastronomy-related products. With approximately 20 years of market presence, the company targets professional gastronomy businesses including cafes, hotels, and offices, offering a comprehensive portfolio of products and tailored services. The website reflects a professional and consistent brand image, supporting its market position as a trusted distributor in the hospitality sector. Technically, the website is built on WordPress with modern frameworks like Bootstrap and uses popular JavaScript libraries such as jQuery. It integrates Matomo and Google Tag Manager for analytics and employs the Complianz GDPR plugin for cookie consent management, indicating a mature digital infrastructure. The site is mobile-optimized and SEO-friendly, though some accessibility features could be improved. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms aligned with GDPR requirements. However, it lacks visible security headers such as Content-Security-Policy and X-Frame-Options, which are recommended for enhanced protection. The absence of WHOIS registrant data due to privacy protection slightly reduces trust but is common for commercial entities. No critical vulnerabilities or exposed sensitive data were detected. Overall, COFFEEBREAK's website demonstrates a solid business and technical foundation with good privacy compliance and a safe content profile. Strategic improvements in security headers and transparency around domain registration could further enhance trust and security posture.

U

UNAR

unar-prohotel.cz

46

UNAR is a Czech company specializing in manufacturing hotel furniture, including mattresses, beds, folding sofas, and accessories, with a tradition dating back to 1991. The company targets hotels, pensions, and spa houses primarily in the Czech Republic and possibly neighboring regions. Their market position is that of an established medium-sized manufacturer with over 300 completed projects, emphasizing quality and custom solutions. Technically, the website employs modern web technologies such as jQuery, Foundation framework, Owl Carousel, and integrates Google Analytics and Tag Manager for tracking, alongside reCAPTCHA for form security. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. Security posture is solid with HTTPS enforced and reCAPTCHA implemented, though it lacks some security headers and a security.txt file. Privacy compliance is well addressed with a cookie consent banner and a privacy policy in Czech, indicating GDPR awareness. However, the absence of WHOIS data for the domain raises concerns about domain registration legitimacy, which should be verified to ensure trustworthiness. Overall, the website is professional and trustworthy from a content and technical perspective but would benefit from improved transparency in domain registration and enhanced security headers.

F

FLAE ROBOTICS, a.s

flaerobotics.ai

46

FLAE Robotics is a newly established Czech company specializing in AI-driven humanoid staff solutions for the hospitality industry. Their innovative approach focuses on creating virtual and physical AI receptionists to transform hotel operations and guest experiences. The company is led by experienced professionals with backgrounds in hospitality, AI, and technology consulting, positioning them as a promising startup in the hospitality technology sector. Technically, the website is built on WordPress with Elementor and integrates modern analytics and cookie consent tools, reflecting a moderate to good digital maturity. Security posture is solid with HTTPS and basic security practices, though improvements such as DNSSEC and security policies are recommended. Overall, the site is professional and trustworthy, though lacking formal privacy and terms documentation. Strategic recommendations include enhancing privacy compliance, publishing security policies, and enabling DNSSEC to strengthen trust and security.

S

Children of Saul

saulgyermekei.hu

40

The website 'Children of Saul' appears to be a small-scale, likely non-profit or community-oriented site based in Hungary. The site is built on WordPress and supports multilingual content in English and Hungarian. The content is minimal with no visible business descriptions, contact information, or privacy-related policies, which limits the ability to fully assess the business model or market position. Technically, the site uses standard WordPress plugins and libraries such as jQuery, Fancybox, and WPML for multilingual support. Google Analytics and Google Tag Manager are used for visitor tracking, indicating some level of digital maturity. Security posture is basic with HTTPS enabled but lacking security headers and visible security policies. No forms or user data collection mechanisms were detected on the analyzed page. Overall, the site is safe with no adult or explicit content detected, but it lacks comprehensive privacy and security disclosures.

Y

Yellow Point, spol s r. o.

yellow-point.cz

32

Yellow Point, spol s r. o. is a Czech Republic-based sport and educational agency established in 1999, specializing in adrenaline experiences, sports skill development, and corporate event organization across the Czech Republic. The company offers a variety of services including ski schools, sport activities, corporate teambuilding events, and gift certificates, targeting a broad audience interested in active and educational leisure. The website is professionally designed, multilingual, and provides clear contact information and partner affiliations, indicating a solid market presence. Technically, the site uses modern JavaScript libraries, tracking tools, and implements cookie consent mechanisms, reflecting a moderate to good digital maturity. Security posture is adequate but could be improved by adding security headers and enhancing form protections. The absence of WHOIS data is a notable concern for domain transparency but does not detract significantly from the business credibility based on website content. Overall, Yellow Point presents as a trustworthy and professional service provider in the hospitality and sports education sector.

H

Hotel u Kabinky | Ubytování ve 4** hotelu v lázeňském středisku v Krkonoších

hoteljanskelazne.cz

43

Hotel U Kabinky is a small hospitality business located in the heart of the Krkonoše mountains in Janské Lázně, Czech Republic. It offers 4-star accommodation directly adjacent to a cable car station and spa colonnade, targeting tourists, families, and sports enthusiasts. The hotel provides rooms, apartments, and depandances, complemented by an on-site restaurant and a sports shop. Additionally, it operates a ski school and related sports services, enhancing its value proposition in the winter sports market. The website is professionally designed, multilingual, and optimized for SEO and mobile devices, reflecting a mature digital presence. Security posture is strong with HTTPS and security headers implemented, though no explicit security or incident response policies are published. The absence of WHOIS registration data is a notable gap that impacts trust but does not detract from the overall professional presentation. Privacy and cookie policies are present and GDPR compliant. Overall, the site demonstrates a solid business and technical foundation with room for improvement in transparency and security documentation.

ALPSPORT s.r.o. operates the website Alpsport.cz, specializing in retail sales of outdoor equipment including gear for skialp, freeride, telemark, climbing, camping, and hiking. The company positions itself as a leading provider in the Czech Republic with a broad product range and services such as equipment rental and climbing courses. The website is built on ASP.NET Web Forms technology, utilizing several JavaScript libraries including jQuery and Owl Carousel, and integrates Google Tag Manager and Smartsupp Live Chat for analytics and customer support. While the technical infrastructure is functional, some components like jQuery are outdated, and security headers could be improved. The site enforces HTTPS and includes a cookie consent mechanism, but lacks an explicit privacy policy and terms of service pages in the provided content. Overall, the security posture is moderate with room for enhancement in compliance and technical modernization. The domain WHOIS data is unavailable, likely due to privacy protection, but the website content and business information indicate a legitimate and established retail business. Strategic recommendations include updating libraries, enhancing security headers, and publishing comprehensive privacy and terms policies to improve trust and compliance.

Z

ZOO Dvůr Králové a. s.

safaripark.cz

48

Safari Park Dvůr Králové is a well-established zoological park in the Czech Republic specializing in African wildlife conservation and visitor engagement. The website provides comprehensive information about animal exhibits, visitor planning, educational programs, and conservation projects. It also offers accommodation services and an online shop, indicating a diversified business model focused on tourism and conservation funding. The site targets families, tourists, and educational groups, positioning itself as a key regional attraction with reputable partnerships. Technically, the website uses a modern tech stack including jQuery, Google Analytics, Facebook SDK, and a custom CMS (Toolkit). The site is mobile-optimized with good navigation and content quality. However, some technical improvements are possible, especially in security headers and performance optimization. From a security perspective, the site uses HTTPS and has a cookie consent mechanism, indicating GDPR awareness. However, it lacks explicit privacy policies, security headers, and incident response contacts, which are areas for improvement. No WAF or blocking mechanisms were detected, and the WHOIS data is consistent and trustworthy. Overall, the website is professional and trustworthy with moderate security posture and privacy compliance. Strategic improvements in security policies and transparency would enhance its risk profile and user trust.

S

Safari Park Resort

safariparkresort.cz

44

Safari Park Resort is a hospitality business located in Dvůr Králové nad Labem, Czech Republic, offering hotel accommodation, safari camping, dining, and experiential programs. The website presents a professional and consistent brand image targeting tourists interested in safari and zoo experiences. The business is small-sized, founded in 2015, and maintains a good market position regionally with partnerships for booking and certification. Technically, the website uses modern JavaScript libraries, analytics tools, and a cookie consent mechanism, but lacks explicit privacy and terms of service pages. Security posture is moderate with HTTPS implied but missing explicit security headers and policies. Contact information is clearly provided with multiple phone numbers and emails, enhancing business credibility.

E

ECN Studio

ecn.cz

48

ECN Studio operates a professional web presence focused on web design, web hosting, and technical support services primarily targeting Czech businesses and users. The company has a long-standing domain registration dating back to 1995, indicating established market presence. The website offers multiple online tools such as webmail, cloud storage, and toolkits, enhancing its service portfolio. The site is well structured with clear navigation and consistent branding, though it lacks formal privacy and cookie policies. Technically, the website uses modern HTML5, CSS3, and JavaScript with responsive design elements, providing a good user experience across devices. However, there is no evidence of advanced frameworks or CMS usage, and performance is moderate. Security posture is adequate with HTTPS implied but lacks explicit security headers and incident response information. No forms or user data collection mechanisms are present on the main page, reducing immediate data protection concerns. Security-wise, the site shows no critical vulnerabilities or exposed sensitive data but would benefit from implementing security headers, publishing privacy and cookie policies, and providing vulnerability disclosure channels. The WHOIS data confirms domain legitimacy and consistency with the business claims, enhancing trustworthiness. Overall, the website is safe, professional, and suitable for general audiences with no adult or questionable content. Strategic recommendations include enhancing privacy compliance, improving security headers, and adding incident response information to strengthen trust and regulatory adherence. The site’s technical and business foundations are solid but could be modernized further for improved performance and security.

W

William H. Coleman, Inc.

travelmartlatinamerica.com

45

TravelMart LatinAmerica is a well-established event organizer specializing in the Latin America tourism industry, facilitating business development through pre-scheduled appointments between global tour operators and suppliers from Central and South America. The company has a strong market position as a premier event since 1978, targeting professional buyers and suppliers in the hospitality and transportation sectors. The website reflects a professional and consistent brand image with clear navigation and relevant content tailored to its audience. Technically, the site is built on WordPress with Elementor and uses modern SEO and security tools such as Yoast SEO and Google reCAPTCHA, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS and domain locking but lacks advanced security headers and DNSSEC, representing areas for improvement. Privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the site is trustworthy and functional but would benefit from enhanced security and compliance measures.

O

Orange house s.r.o.

orangehouse.cz

45

Orange house s.r.o. is a Czech Republic based IT company specializing in comprehensive business communication solutions including CRM systems, CMS web platforms, and B2B commerce solutions. Founded in 2012 as a subsidiary of Xantipa Agency s.r.o., the company offers tailored software products and services such as technical support, training, and document management audits. Their market position is that of a small but established technology provider focused on enhancing business management and communication efficiency. Technically, the website employs a mix of legacy and modern JavaScript libraries, Google Analytics for tracking, and a proprietary CMS. However, some components like jQuery 1.9.1 and the Mapy.cz SDK are outdated, which may pose security risks. The site is moderately optimized for performance and mobile use but lacks advanced accessibility and SEO features. Security posture is adequate with HTTPS usage but lacks security headers and uses deprecated libraries. Privacy compliance is weak due to absence of privacy and cookie policies. Business credibility is strong with clear company information and contact details. Overall, the website is professional and trustworthy but would benefit from technical and compliance improvements.

S

Svazek obcí Východní Krkonoše

vychodnikrkonose.cz

49

Svazek obcí Východní Krkonoše is a regional association of municipalities in the Eastern Krkonoše area of the Czech Republic, focused on regional development, tourism, and community support. The organization provides services such as meeting room rentals, coworking spaces, and event equipment, and manages multiple projects aimed at enhancing tourism and sustainable regional growth. The website reflects a well-established entity with a domain age since 2004, consistent with its operational history. Technically, the website employs modern web standards including HTML5, CSS3, Bootstrap for responsive design, and Font Awesome for icons. It is hosted by Active24, a known Czech hosting provider, and uses HTTPS with good performance optimizations such as Google PageSpeed. The site is mobile-friendly and has good SEO practices, though accessibility features are basic. From a security perspective, the site uses HTTPS and implements a cookie consent banner compliant with GDPR. However, no explicit security headers or incident response policies are found, and no vulnerability disclosure or security.txt files are present. No critical vulnerabilities or exposed sensitive data were detected in the content analyzed. Overall, the website is professional, trustworthy, and suitable for its target audience of local municipalities and regional stakeholders. Strategic improvements in security headers and explicit security policies would enhance its security posture and compliance.

S

Střední škola Olgy Havlové

oajl.cz

49

Střední škola Olgy Havlové is a specialized secondary school located in Janské Lázně, Czech Republic, providing education primarily for students with physical disabilities and multiple impairments. The institution offers a range of services including an internat, special pedagogical center, and leisure center, supported by European Union and EHP funding projects. The website reflects a focused educational mission targeting students, parents, and the public with clear navigation and relevant content. Technically, the site uses common JavaScript libraries such as jQuery and lightGallery, with a moderate performance and basic mobile optimization. Security posture is adequate with HTTPS usage but lacks advanced security headers and cookie consent mechanisms. WHOIS data is unavailable, which reduces domain trustworthiness despite the legitimate educational content. Overall, the site is professional and trustworthy but would benefit from improved privacy compliance and enhanced security practices.

The website www.janskelazne.cz serves as an official tourism and accommodation information portal for Janské Lázně and the SkiResort Černá hora-PEC, the largest ski resort in the Czech Republic. It offers online booking services with promotional discounts on ski passes and leisure activities, targeting tourists and visitors interested in winter sports and summer leisure in the Krkonoše region. The site demonstrates a consistent brand presence and provides clear contact information, reinforcing its role as a local tourism information center with over two decades of experience. Technically, the website employs a traditional web stack including jQuery, jQuery UI, Google Analytics, Google Tag Manager, and Google Maps API, indicating moderate digital maturity. The site is mobile-optimized with good navigation and content relevance, although some accessibility features could be improved. Performance is moderate, with external dependencies on trusted providers for fonts and analytics. From a security perspective, the site uses HTTPS and standard tracking scripts but lacks explicit security headers and privacy/cookie policies, which are critical for GDPR compliance and user trust. The absence of WHOIS data for the domain raises concerns about domain legitimacy and registration transparency, which should be addressed to enhance trustworthiness. Overall, the website is functional and professional but would benefit from enhanced privacy compliance, improved security practices, and verification of domain registration details to strengthen its security posture and business credibility.

M

Max Realitní Fond SICAV a.s.

maxrealitni.cz

36

Max Realitní Fond SICAV a.s. operates as a premium real estate investment fund focused on retail and office properties within the Czech Republic. The fund targets qualified investors, offering a business model centered on pooling capital to invest in prime real estate assets with a goal of achieving an annual return of approximately 8.5%. The website presents a professional and consistent brand image, providing detailed information about investment strategies, team members, and performance metrics. Technical infrastructure leverages modern JavaScript libraries such as jQuery, Bootstrap, and Chart.js, alongside Cookiebot for GDPR-compliant cookie management. Analytics are implemented via Google Analytics and Google Tag Manager, supporting moderate user tracking with appropriate consent mechanisms. Security posture is adequate but could be improved by implementing additional HTTP security headers and verifying SSL configurations. The absence of WHOIS data due to privacy protection limits transparency but does not detract significantly from the site's credibility given the professional presentation and clear business information. Overall, the website is well-structured, user-friendly, and compliant with privacy regulations, serving its target audience effectively.

H

HAVEL & PARTNERS

nextzeny.cz

44

NextŽeny is a specialized project by the reputable law firm HAVEL & PARTNERS, focusing on the global trend of wealth transfer to women, female entrepreneurship, and investment. The website serves as a platform for research dissemination, networking, and educational initiatives targeting women investors and business professionals primarily in Czechia and Slovakia. The project is supported by notable partners such as RSM, UBS, VISA, and others, enhancing its credibility and market position. Technically, the website is built on WordPress with modern performance optimizations including lazy loading, multilingual support via WPML, and Google Tag Manager integration. The site demonstrates good mobile optimization and SEO practices, although accessibility features are basic. Hosting and domain registration are consistent and appropriate for the business scale and age. From a security perspective, the site uses HTTPS and employs best practices like deferred script loading and no exposed sensitive data. However, it lacks explicit security headers and a visible cookie consent mechanism, which are important for GDPR compliance. There is no published security policy or incident response contact, which could be improved to enhance trust and readiness. Overall, the website is professional, trustworthy, and well-aligned with its business goals. Strategic improvements in privacy compliance and security transparency would further strengthen its posture and user confidence.

L

LIVEBOX, a.s.

livebox.cz

49

LIVEBOX, a.s. is a Czech-based company specializing in live streaming services, including sports broadcasts, pay-per-view events, and event production. The company targets sports fans, corporate clients, and event organizers, positioning itself as a reliable and experienced streaming service provider with a medium-sized market presence. Their website showcases a professional design with clear navigation and multimedia content highlighting their key services and partnerships. Technically, the site uses ASP.NET Web Forms with Bootstrap and jQuery, integrating analytics and tracking tools such as Google Analytics, Facebook Pixel, and Smartlook, all managed with user consent mechanisms. Security posture is moderate, with no visible security headers and no explicit incident response or vulnerability disclosure policies published. The absence of WHOIS data reduces domain trust, but the website content and contact information appear legitimate and professional. Overall, the site scores well in content quality and business credibility but could improve in technical security and transparency.

C

Ceník domén, srovnání cen domén | CenikDomen.com

cenikdomen.com

47

CenikDomen.com is a Czech Republic-based website specializing in providing a comprehensive comparison of domain prices across Czech and global registrars. Established in 2013, the site monitors prices for over 500 domain extensions, targeting individuals and businesses seeking the best domain registration deals. The website employs modern frontend technologies such as Bootstrap and Font Awesome, ensuring a responsive and user-friendly interface optimized for mobile devices. However, the site lacks critical compliance elements such as privacy and cookie policies, and no contact information is readily available, which may impact user trust and regulatory compliance. Security-wise, the site uses HTTPS but does not implement DNSSEC or security headers, indicating room for improvement in its security posture. Overall, the domain registration data aligns well with the website's purpose, reflecting a legitimate and stable online presence.

The website hotrec.eu is currently inaccessible due to an invalid SSL certificate on the origin server, resulting in a Cloudflare error 526 page being served. This prevents access to any meaningful content or business information. The site is hosted via OVH SAS and protected by Cloudflare, but the SSL misconfiguration severely impacts trust and usability. No privacy, cookie, or terms of service policies are present, nor are there any contact details or forms. The technical infrastructure is minimal, relying primarily on Cloudflare and OVH SAS hosting. Security posture is weak due to the SSL issue and lack of security headers. Overall, the site is blocked by a WAF mechanism, limiting analysis and reducing the AI score to 25.

M

Metropolitní kapitula u sv. Víta

katedrala.tv

47

Katedrála TV is an official streaming media platform operated by Metropolitní kapitula u sv. Víta, providing live and archived religious services primarily related to St. Vitus Cathedral in Prague. The website serves a general audience interested in religious content, offering scheduled programming and video archives. The business operates as a small non-profit entity within the media and government/non-profit sectors, with a clear focus on religious broadcasting. Technically, the website employs modern web technologies including Google Fonts, Google Analytics with consent, Cookiebot for cookie management, and Cloudflare for DNS and CDN services. The site is mobile optimized with good navigation and SEO practices, though it lacks a detected CMS and some advanced accessibility features. Performance is moderate, supported by CDN usage. From a security perspective, the site uses HTTPS with a good SSL configuration and implements cookie consent mechanisms. However, it lacks DNSSEC, security headers, and published security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected. The WHOIS data is consistent with the business identity, enhancing trustworthiness. Overall, the website is professional, trustworthy, and compliant with GDPR requirements, though it could improve security posture by enabling DNSSEC, adding security headers, and publishing security policies. Contact information is minimal on the site, which could be enhanced for better user support and trust.

Valbek, spol. s r.o. is a well-established Czech engineering and project management company specializing in infrastructure and construction projects since 1990. The company offers a broad range of services including project design, geotechnical surveys, construction supervision, and software development for the construction industry. With a large team of experts and multiple ISO certifications, Valbek holds a strong market position in the Czech Republic and neighboring countries. The website reflects a professional and comprehensive digital presence with clear service descriptions and contact information. Technically, the website uses a traditional tech stack with jQuery and bxSlider, and integrates modern fonts and photo galleries. The site is mobile-optimized and provides a cookie consent mechanism compliant with GDPR. However, some technologies like jQuery are outdated, and security headers are not visibly implemented, which could be improved. From a security perspective, the company demonstrates maturity through ISO 27001 certification and published security policies. The website enforces HTTPS and provides cookie consent, but lacks a dedicated incident response contact and security.txt file. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website is trustworthy, professional, and compliant with privacy regulations. The domain age and WHOIS data align well with the company's history, supporting legitimacy. Strategic improvements in security headers, technology updates, and incident response transparency would enhance the security posture and user trust.

L

LOGstudio

logstudio.cz

45

LOGstudio is a Czech-based design and creative agency specializing in web development, UI/UX design, branding, printing materials, online marketing, and professional photo/video production. The company positions itself as a passionate and innovative partner for businesses seeking to enhance their brand identity and digital presence. Their website demonstrates a strong portfolio and client base, indicating a solid market position within the creative technology sector. Technically, the site is built on WordPress using the Divi theme, enhanced with SEO and GDPR compliance plugins, and hosted by a reputable Czech registrar. Security posture is good with HTTPS enabled and CAPTCHA on contact forms, though some security headers could be improved. Privacy compliance is well addressed with clear cookie consent and GDPR policy pages. Overall, the website is professional, user-friendly, and trustworthy, with no critical security or content safety issues detected.

S

SkyParks

skyparksbusiness.com

48

SkyParks is a multi-purpose business and leisure centre located at Malta International Airport, offering office spaces, meeting rooms, and various amenities such as restaurants, fitness, childcare, and banking services. The website positions SkyParks as a key hub combining business and leisure for tenants, travellers, and local residents. Technically, the site is built on WordPress with a modern tech stack including Google Analytics, Facebook Pixel, Hotjar, and AddThis for marketing and analytics. The site is mobile optimized and SEO friendly with good content quality. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though security headers are not explicitly detected and no incident response or security policies are published. Privacy and cookie policies are present and indicate GDPR compliance. However, the WHOIS data for the domain is missing or unavailable, which raises concerns about domain legitimacy despite the professional website content and association with Malta International Airport. Overall, the website is trustworthy and professional but would benefit from improved transparency on domain registration and enhanced security policies.

Rehabilitace Podolí is a Czech Republic based small healthcare provider specializing in rehabilitation and physiotherapy services. The website presents clear information about their services, contact details, and operating hours, targeting patients with medical vouchers and seniors. The business appears to be locally focused with partnerships with insurance companies, enhancing its market credibility. Technically, the website is built on the MySUITU CMS platform, uses jQuery 1.11.0, and is hosted by WEDOS, a reputable Czech hosting provider. The site is mobile optimized and uses HTTPS, but lacks advanced security headers and uses an outdated JavaScript library, which could pose security risks. Privacy and cookie policies are missing, indicating compliance gaps with GDPR and related regulations. Overall, the site is professional and functional but would benefit from improved security and privacy compliance measures.

T

TAKTIQ COMMUNICATIONS s.r.o.

taktiq.com

46

Taktiq Communications s.r.o. is a Czech-based communication agency specializing in media relations, creative projects, content creation, and communication training. The company targets businesses and organizations seeking professional communication and PR services. Their website reflects a professional and consistent brand image, showcasing key services and client testimonials. Technically, the site uses modern technologies including Blazor and Google Fonts, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS usage but lacks visible security headers and published security policies. Privacy compliance is weak due to absence of privacy and cookie policies. The WHOIS data is missing or unavailable, which raises concerns about domain registration legitimacy despite the professional website presence.

The domain redirspinner.com is registered recently (January 2024) with GoDaddy.com, LLC and uses Cloudflare DNS servers. The website currently serves only a 404 Not Found error page with no accessible content, metadata, or business information. There are no privacy, cookie, or terms of service policies present, nor any contact details or social media links. The technical infrastructure is minimal with no advanced security headers or analytics detected. The SSL configuration is basic, and DNSSEC is not enabled. Overall, the site lacks digital maturity and business presence, resulting in a low trust and security posture score. The domain age and lack of content raise concerns about legitimacy and readiness for public use.

The website at https://mrpc.naralvin.com/promocode/ is currently inaccessible, returning a 404 Not Found error with minimal JSON content indicating the resource is not found. There is no visible business or security information, no metadata, no forms, and no external links or contact details. The WHOIS lookup for the subdomain mrpc.naralvin.com failed to return any registrar or registrant data, indicating that this is a subdomain without independent registration or public WHOIS records. The lack of content and transparency severely limits the ability to assess the business or security posture of the site. From a technical perspective, the site does not present any detectable technologies, scripts, or frameworks. No security headers or HTTPS enforcement details are available from the provided data. The site appears to be either under development, misconfigured, or abandoned. There is no evidence of privacy, cookie, or terms of service policies, nor any contact or incident response information. Security posture is weak due to the absence of HTTPS and security headers, and the lack of WHOIS data reduces trustworthiness. No vulnerabilities or malware indicators were detected, but the site’s minimal content and 404 error page make it impossible to evaluate further. Overall, the site scores very low on content quality, technical implementation, security, privacy compliance, and business credibility. Strategic recommendations include implementing HTTPS with a valid SSL certificate, adding standard security headers, publishing privacy and cookie policies, providing clear contact and business information, and resolving the 404 error to present meaningful content. Without these improvements, the site remains untrustworthy and unusable for visitors or customers.

A

Affision

affision.com

49

Affision operates as a specialized affiliate program within the iGaming sector, focusing on casino and betting products. The company provides tailored commission plans including Revenue Share, CPA, and Hybrid models to its partners. The website presents a professional and consistent brand image, targeting affiliates and partners in the gambling industry. The business is relatively new, founded in 2022, with domain registration consistent with this timeline. Technically, the site is built on WordPress using the Avada theme, enhanced with SEO and analytics tools such as Yoast SEO and Google Analytics. Hosting and DNS services leverage Cloudflare, providing a reliable infrastructure. Security posture is moderate with HTTPS enabled and domain protections in place, but lacks DNSSEC and explicit security headers. Privacy compliance is weak due to absence of privacy and cookie policies. Contact information is limited to a contact form with no direct emails or phone numbers published. Overall, the site is functional and credible but would benefit from enhanced privacy and security disclosures.

M

Město Jičín

jicin.org

46

The website www.jicin.org serves as the official municipal tourism portal for the town of Jičín in the Czech Republic. It provides comprehensive information about local history, cultural events, accommodation, dining, and visitor services. The site targets tourists, families, and history enthusiasts interested in exploring Jičín and the surrounding Český ráj region. The business model is focused on promoting tourism and local culture, supported by the municipal government and related cultural organizations. Technically, the website is built on Drupal 9 CMS with modern web technologies including Bootstrap, jQuery, and FontAwesome. It integrates analytics and marketing tools such as Google Tag Manager, Google Analytics, Facebook Pixel, and AddToAny for social sharing. The site is mobile-optimized and accessible with good SEO practices. However, some security best practices like security headers and cookie consent mechanisms are missing. From a security perspective, the site uses HTTPS and antibot modules to protect forms, but lacks explicit security policies, incident response contacts, and vulnerability disclosure information. The WHOIS data is unavailable due to a malformed response, but the site appears legitimate with consistent branding and official contact details. Overall, the security posture is moderate with room for improvement in transparency and technical controls. The overall risk assessment is low, with recommendations to enhance security headers, implement cookie consent, publish security policies, and regularly audit third-party scripts. These steps will improve compliance, user trust, and resilience against potential threats.

The website evropskenoviny.cz currently serves as a placeholder page indicating that new web pages are under preparation. The content is minimal, with no business descriptions, contact information, or policies present. The domain is registered since 2003 with a Czech registrar and uses Cloudflare DNS, suggesting a legitimate registration. The technical infrastructure includes common frontend libraries such as Bootstrap and jQuery, but lacks advanced SEO, accessibility, and security features. No HTTPS enforcement or security headers are evident in the provided data, and no privacy or cookie policies are implemented, indicating low compliance with GDPR and other privacy regulations. Overall, the site is in an early or transitional stage with significant room for improvement in content, security, and compliance.

The domain krajskenoviny.cz is a long-registered Czech domain created in 2002 and currently hosted by WEDOS Internet, a.s. The website content is not accessible and serves a standard 404 error page indicating the requested content is not found. There is no visible business or contact information, privacy or cookie policies, or terms of service. The technical infrastructure includes Cloudflare DNS and Google Analytics tracking, but no advanced security headers or HTTPS information is available from the provided data. Overall, the website appears inactive or misconfigured, limiting its business and security credibility.

A

Autoservis Dubina Pardubice

autoservisdubina.cz

41

Autoservis Dubina Pardubice is a small automotive service provider based in the Czech Republic, specializing in comprehensive car servicing, repairs, diagnostics, and spare parts sales. The company targets local vehicle owners and offers a broad range of services including chiptuning, tire service, air conditioning, and technical inspections. The website is built on Joomla CMS and uses common JavaScript libraries, presenting a professional and consistent brand image. However, the site lacks privacy and cookie policies, which impacts compliance with GDPR regulations. Security posture is moderate with no visible HTTPS verification or security headers, indicating room for improvement. Overall, the website is functional and trustworthy but would benefit from enhanced security and privacy measures.

Petr Hromádko is a Czech-based financial and real estate specialist offering personalized services including property sales, financing, insurance, and legal support. The website presents a professional image with clear service descriptions, client testimonials, and a strong local market focus. The technical infrastructure is built on WordPress with Elementor, incorporating modern web technologies and basic security measures such as HTTPS and Google reCAPTCHA. Privacy compliance is well addressed with accessible privacy and cookie policies and a consent mechanism. However, the site lacks explicit security policies and vulnerability disclosure information. Overall, the website is trustworthy and well-positioned for its target audience.

M

Město Pardubice

ipardubice.cz

46

Pardubice.eu is the official web portal of the city of Pardubice, Czech Republic, serving as a comprehensive information hub for tourists, citizens, entrepreneurs, media, and city officials. The website offers a wide range of services including event calendars, tourist guides, public announcements, and contact information, positioning itself as the primary digital gateway to the city's offerings and administrative resources. The portal is well-branded with consistent city imagery and messaging, reflecting its government affiliation and public service mission. Technically, the website employs modern web technologies including JavaScript frameworks, CSS, and multiple analytics and tracking tools such as Google Tag Manager, Microsoft Clarity, Hotjar, and Facebook Pixel. It features responsive design optimized for mobile devices and includes accessibility considerations. The site uses a cookie consent management system compliant with GDPR, allowing users to control their privacy preferences. From a security perspective, the site enforces HTTPS and integrates cookie consent mechanisms, but could improve by adding explicit security headers like Content-Security-Policy and X-Frame-Options. No vulnerabilities or exposed sensitive data were detected. The WHOIS data confirms the domain is registered through a reputable Czech registrar, consistent with the website's official nature. Overall, Pardubice.eu demonstrates a strong digital presence with excellent content quality, good technical implementation, and solid privacy compliance. It is a trustworthy and professional government portal with no signs of malicious activity or content safety concerns.

FIBICH CampingCars s.r.o. is a Czech-based company specializing in the sale, service, and rental of caravans and recreational vehicles. With over 14 years of experience, they serve customers primarily in the Czech Republic, including locations near Pardubice, Hradec Králové, and Prague. Their offerings include authorized dealership of well-known brands such as Sterckeman, Mini Freestyle, Benimar, Sunlight, and Challenger, complemented by a showroom, service center, and accessory sales. The company targets travelers and caravan enthusiasts seeking flexible and comfortable travel solutions. Technically, the website employs modern web technologies including HTTPS, Google Analytics, Facebook SDK, and Google reCAPTCHA for security and user tracking. The site is mobile-optimized with good navigation and content quality, although some accessibility features could be improved. The absence of a CMS or hosting provider information limits deeper infrastructure insights. From a security perspective, the site enforces HTTPS and uses CAPTCHA to protect forms, but lacks visible security headers and published privacy or cookie policies, which are important for GDPR compliance. The WHOIS data for the domain is unavailable, which reduces trustworthiness from a domain registration standpoint. No security.txt or incident response contacts are provided, indicating room for improvement in security transparency. Overall, the website presents a professional and trustworthy front for its business, but would benefit from enhanced privacy compliance documentation, improved security headers, and verified domain registration information to strengthen its security posture and user trust.

CreoPlan s.r.o. is a Czech Republic based small architectural and engineering office specializing in project documentation and construction supervision services. Founded in 2016, the company offers comprehensive project preparation from studies through building permits and execution documentation, including technical and author supervision. Their market position is regional, targeting clients needing residential, civic, and industrial building projects. The website is professionally designed using WordPress with a clear structure and contact mechanisms including a form protected by Google reCAPTCHA. Technical infrastructure is modern and hosted by Wedos, a known Czech hosting provider. Security posture is adequate with HTTPS and spam protection but lacks advanced security headers and formal privacy or cookie policies, indicating compliance gaps. Overall, the site is trustworthy and professional but would benefit from enhanced privacy compliance and security best practices.