High-risk security reports

B

Behn Getränke

behn-getraenke.de

42

Behn Getränke is a regional beverage wholesaler and retailer operating in Schleswig-Holstein, Germany, with a long-standing family business history dating back to 1892. The company offers beverage markets in multiple locations and provides gastronomy consulting and event inventory services. The website is built on WordPress with common plugins such as Yoast SEO and WPBakery Page Builder, indicating a moderate level of digital maturity. Accessibility is a strong focus, with an advanced accessibility tool integrated to support various user needs. Security posture is adequate with HTTPS enabled and no visible vulnerabilities, but lacks explicit security headers and incident response information. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the website is professional and trustworthy but could improve in privacy and security transparency.

S

Stabsstelle Prävention - Fachstelle gegen sexualisierte Gewalt der Nordkirche

kirche-gegen-sexualisierte-gewalt.de

47

The website represents the Stabsstelle Prävention, a specialized non-profit church-affiliated organization focused on prevention, intervention, and support related to sexualized violence within the Evangelical Church in Northern Germany (Nordkirche). It provides resources, contact points, and educational materials for affected individuals and church staff. The site is positioned as a trusted regional authority with clear church ties and a focus on transparency and support. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries like jQuery and stickybits for UI enhancements. The site is mobile-optimized, accessible, and SEO-friendly, though performance is moderate. Security posture is good with HTTPS enforced, but lacks some advanced security headers and explicit incident response contacts. Privacy compliance is mostly met with a comprehensive privacy policy but lacks cookie consent mechanisms. Overall, the site is professional, trustworthy, and well-aligned with its mission. The domain WHOIS data is limited but does not raise significant concerns. No blocking or WAF interference was detected, allowing full content access and analysis.

T

Travelbakers

travelevo.cz

45

The website www.travelevo.cz represents TravelEVOlution, a niche event focused on sustainable and authentic travel experiences held in Brno, Czech Republic. The event is organized by Travelbakers and targets professionals and enthusiasts in the travel and tourism sector. The site provides detailed program information, workshops, and partner collaborations, reflecting a well-structured and professional business model in the hospitality industry. Technically, the site is built on Drupal 10, uses modern web technologies, and integrates Google Tag Manager for analytics. The site is mobile-optimized and accessible with good SEO practices. Security posture is solid with HTTPS enabled, but lacks some security headers and visible privacy or cookie policies, which are recommended for compliance and trust. WHOIS data is unavailable, likely due to privacy protection, which slightly impacts trust but is common for small businesses. Overall, the site is professional, content-rich, and trustworthy with room for improvement in privacy compliance and security transparency.

C

CTP

ctp.cz

49

CTP is a leading European real estate company specializing in the development and management of logistics and industrial properties across 10 countries. The website reflects a mature, professional business with a strong market position and comprehensive service offerings tailored to commercial clients. The technical infrastructure leverages WordPress CMS with modern performance and multilingual enhancements, ensuring a fast and accessible user experience. Security posture is solid with HTTPS, security headers, and no visible vulnerabilities, though explicit security policies and incident response contacts are absent. Overall, the site demonstrates high professionalism and trustworthiness, supporting CTP's brand as a major player in the real estate sector.

C

Cykloserver.cz

cykloserver.cz

39

Cykloserver.cz is a well-established Czech cycling news and community platform founded in 2000, serving hobby cyclists and enthusiasts primarily in the Czech Republic and Slovakia. The site offers a variety of content including cycling news, event calendars, trip tips, and an online cycling atlas, supported by partnerships with relevant cycling organizations. The business model appears to be content-driven with advertising and partner promotions. Technically, the website uses standard web technologies with HTTPS and Google Analytics integration, hosted by a Czech hosting provider. While the site is functional and content-rich, it lacks formal privacy and cookie policies and does not implement advanced security headers, which are areas for improvement. The security posture is moderate with secure forms and HTTPS but missing some best practices. Overall, the domain registration data aligns well with the website content, indicating legitimacy and trustworthiness.

V

VšĮ „Mėlyna ir geltona“

dronatonas.lt

44

DRONATONAS is a Lithuanian non-profit initiative organized by VšĮ „Mėlyna ir geltona“ focused on supporting Ukraine by raising funds to purchase and send drones to Ukrainian forces. The website serves as a campaign platform providing information about donation methods, events like marathons and velomarathons, and merchandise sales. It targets both private individuals and businesses interested in contributing to the cause. The organization maintains a clear and consistent brand presence with professional content and active social media channels. Technically, the site is built on WordPress with modern plugins such as Yoast SEO and LiteSpeed Cache, ensuring good performance and SEO optimization. The site is mobile-friendly and accessible with a cookie consent mechanism compliant with GDPR regulations. Security posture is adequate with HTTPS enforced, though some security headers could be improved. No incident response or security policy information is provided. WHOIS data aligns with the website's Lithuanian identity and non-profit nature, though domain creation date appears anomalous. Overall, the site is trustworthy, professional, and well-positioned within its niche of charitable support for Ukraine.

M

Monte Bú Restaurant a steakhouse

monte-bu.cz

42

Monte Bú Restaurant a steakhouse is a premium dining establishment located in Brno, Czech Republic, specializing in exclusive steaks from their own dry-aging cellar, grilling, and premium American and Mexican cuisine. The restaurant also offers a unique collection of exclusive rums and rum tastings led by a rum sommelier. The business operates under the Con Gusto Restaurant Group umbrella, indicating a solid partnership and brand backing. Their market position is that of a unique steakhouse with a focus on quality and gourmet experiences, targeting local residents and visitors seeking high-end dining. Technically, the website employs modern web technologies including Bootstrap, jQuery, Google Tag Manager, Facebook Pixel, and other JavaScript libraries to deliver a responsive and interactive user experience. The site is mobile-optimized and uses HTTPS with good SSL configuration, though it lacks some security headers and formal privacy documentation. The cookie consent mechanism is implemented, reflecting some level of privacy compliance. From a security perspective, the site benefits from HTTPS and no visible exposed sensitive data. However, the absence of WHOIS data raises concerns about domain registration legitimacy, which impacts overall trust. No privacy policy or terms of service pages were found, which is a compliance gap. The site uses tracking and advertising tools with consent defaults denying ad and analytics storage, indicating some privacy awareness. Overall, Monte Bú presents a professional and trustworthy online presence for a small hospitality business, but improvements in transparency, security headers, and domain registration verification are recommended to enhance trust and compliance.

C

CITY-TOOLS, s.r.o.

citytools.cz

45

CITY-TOOLS, s.r.o. operates a professional outdoor advertising platform in the Czech Republic, offering Citylight, billboard, and adhesive foil advertising solutions. The company targets businesses and individuals seeking effective outdoor marketing channels. The website is well-structured, visually consistent, and provides clear contact information, supporting a positive market presence in the local advertising sector. Technical infrastructure leverages common web technologies such as jQuery, Bootstrap, and Google reCAPTCHA, indicating a moderate level of digital maturity. The site is mobile-optimized and includes cookie consent mechanisms, reflecting awareness of privacy compliance requirements. Security posture is generally good with HTTPS enforced and reCAPTCHA integration; however, the absence of security headers and incident response information suggests room for improvement. The lack of WHOIS data limits domain legitimacy verification, which could impact trust from a security perspective. Overall, the website is professional and functional, with moderate risk due to incomplete domain registration transparency.

W

Wastex, spol s r.o.

wastex.cz

41

Wastex, spol s r.o. is a Czech Republic-based company founded in 1990 specializing in the wholesale and retail distribution of fresh fruit, vegetables, and food products. The company serves a broad range of clients including corporate dining facilities, schools, hotels, restaurants, social care institutions, and retail customers primarily in the Zlín region and surrounding districts. Their business model combines daily deliveries, brick-and-mortar retail, and specialized services such as replacement fulfillment and supplier partnerships. The website reflects a medium-sized regional wholesaler with a professional online presence and clear contact information.

S

StaniOn

stanion.cz

37

StaniOn s.r.o. is a Czech Republic based medium-sized construction company specializing as a general contractor for various building projects including residential, industrial, and infrastructure developments. The company emphasizes quality, innovation, and environmental responsibility, holding ISO certifications and operating since 2009. Their website demonstrates a professional digital presence with clear service offerings, client testimonials, and partner affiliations. Technically, the site is built on WordPress with modern tracking and analytics tools, optimized for mobile and SEO. Security posture is good with HTTPS and no obvious vulnerabilities, though security headers and explicit privacy policies are lacking. The absence of WHOIS data limits domain legitimacy verification but the business content and branding suggest a trustworthy entity. Strategic recommendations include enhancing privacy compliance, publishing security policies, and improving security headers to strengthen trust and compliance.

A

Asociace soukromého zemědělství ČR

asz.cz

47

The website www.asz.cz represents the Asociace soukromého zemědělství ČR, a Czech association dedicated to private farming and family farms. It serves as an information hub providing news, events, advocacy, and educational resources for farmers and agricultural stakeholders in the Czech Republic. The site is professionally designed with a clear navigation structure and regularly updated content, targeting a medium-sized audience within the agricultural sector. Technically, the website employs modern web technologies including Google Tag Manager for analytics, Leaflet.js for mapping, and a consent management platform to comply with cookie regulations. The site is mobile-optimized and performs moderately well, though some accessibility features could be enhanced. Security posture is good with HTTPS enforced, but lacks advanced security headers and explicit security policies. From a security and compliance perspective, the site does not expose sensitive data and uses a consent mechanism for cookies, but lacks visible privacy policy and terms of service pages, which could be improved for better GDPR compliance. No WHOIS data is available, likely due to privacy protection, but the website content and structure indicate a legitimate and established organization. Overall, the website is a trustworthy and professional platform for its target audience, with recommendations to enhance security headers, publish clear privacy and security policies, and provide incident response contacts to strengthen its security posture and compliance.

S

Sdružení místních samospráv České republiky, z. s.

smscr.cz

49

Sdružení místních samospráv České republiky, z. s. is a Czech non-profit association representing local self-governments. The website serves as an official portal providing legislative information, working groups, member benefits, media relations, and conference organization. The target audience includes local government officials and municipalities within the Czech Republic. Technically, the website uses modern JavaScript libraries such as jQuery, Bootstrap, and Swiper.js, with a cookie consent mechanism and Google Analytics integration. Security posture is moderate with HTTPS usage and reCAPTCHA, but lacks visible security headers and explicit privacy policies. WHOIS data is unavailable, limiting domain trust verification. Overall, the site is professional, content-rich, and trustworthy for its intended audience.

S

Spolek pro obnovu venkova ČR

spov.org

48

Spolek pro obnovu venkova ČR is a Czech non-profit association dedicated to rural renewal and community development across the Czech Republic. The website serves as the official portal providing information about the association's activities, regional organizations, projects, conferences, and publications. It targets municipalities, local communities, and stakeholders interested in rural development. The site is well-structured with clear navigation and content relevant to its audience. Technically, the website employs modern frontend technologies including jQuery, Bootstrap 4.4.1, Swiper.js for slideshows, and mmenu.js for mobile menus. The site is mobile responsive and includes cookie consent mechanisms indicating GDPR awareness. However, no explicit privacy policy or terms of service pages were found in the provided content. From a security perspective, HTTPS is used, and cookie consent is implemented, but security headers and advanced security policies are not evident. No vulnerability disclosure or incident response information is provided. The WHOIS data for the domain is unavailable, which reduces trustworthiness from a domain registration perspective, though the website content and structure suggest a legitimate organization. Overall, the website is professional, content-rich, and serves its purpose well. Strategic improvements include adding explicit privacy and security policies, enhancing security headers, and verifying domain registration details to improve trust and compliance.

Holidayinfo.cz is a Czech-focused online portal providing comprehensive information about holiday resorts, including ski areas, accommodation, webcams, weather forecasts, and related tourist services. The website targets tourists and visitors interested in Czech recreational destinations, offering seasonal content for both summer and winter activities. The business operates as an information service platform with a niche regional focus, leveraging partnerships with related service providers such as accommodation platforms and ski pass services. The domain's long registration history since 2000 supports its established presence in the market. Technically, the website employs a custom JavaScript-based platform with libraries such as jQuery and Modernizr, integrated with Google Tag Manager and Google Analytics for tracking. The site uses HTTPS and implements a cookie consent banner, indicating basic privacy compliance. However, it lacks visible privacy policy and terms of service pages, and no direct contact information is provided on the homepage. The design is professional and consistent, though mobile optimization and accessibility are basic. From a security perspective, the site benefits from HTTPS and cookie consent mechanisms but lacks published security policies, incident response contacts, and advanced security headers in the HTML content. No vulnerabilities or suspicious patterns were detected. The WHOIS data confirms domain legitimacy and consistency with the website's content and business focus. Overall, Holidayinfo.cz presents a trustworthy and functional information portal with room for improvement in privacy disclosures, security transparency, and contact availability. Strategic enhancements in these areas would strengthen user trust and compliance posture.

S

Sdružení Český ráj

zapovestmiceskehoraje.cz

44

The website 'Za pověstmi Českého ráje' is a regional tourism initiative focused on promoting family-friendly interactive hiking games and storytelling in the Czech Paradise region. It targets families with children and tourists interested in cultural and natural heritage. The site is supported by regional partners and associations, enhancing its credibility and market position. The business model revolves around engaging visitors through gamified experiences and providing practical travel tips and event information. Technically, the website is built on Drupal 10 with modern web technologies including Bootstrap 5 and Google Analytics for tracking. It demonstrates good mobile optimization, accessibility, and SEO practices, providing a positive user experience. However, the hosting provider is not explicitly identified, and performance is moderate. From a security perspective, the site enforces HTTPS and uses best practices for external links but lacks visible security headers and formal privacy or cookie policies, which are compliance gaps. No vulnerability disclosure or incident response information is provided. The absence of WHOIS data for the domain raises some concerns about domain legitimacy, although the website content and partner links suggest a legitimate operation. Overall, the site is professionally designed and trustworthy for its audience but would benefit from improved privacy compliance and enhanced security transparency to strengthen its risk posture and user trust.

O

Omega Design

omegadesign.cz

47

Omega Design is a well-established Czech graphic and marketing design agency specializing in brand creation, graphic design, photography, copywriting, and both offline and online advertising solutions. The company has been operating since 1996 and serves a diverse clientele ranging from small to large brands. Their website reflects a professional and consistent brand image with comprehensive service offerings and a strong digital presence. Technically, the site is built on WordPress with modern tools such as jQuery, Swiper.js, and Google Tag Manager, indicating a mature digital infrastructure. Privacy compliance is well addressed with GDPR-aligned cookie and privacy policies and an opt-in consent mechanism. Security posture is good with HTTPS enforced and no visible sensitive data exposure, though some security headers are missing and no explicit security policies or incident response contacts are published. Overall, the website is trustworthy, well-designed, and business-appropriate, though WHOIS data is unavailable, likely due to privacy protection, which is common for small agencies.

R

RAUL, s. r. o.

ski-tour.cz

47

ČEZ SkiTour is a prominent organizer of cross-country skiing events in the Czech Republic, targeting amateur skiers and winter sports enthusiasts. The website serves as a hub for race information, news updates, multimedia content, and race results. It holds a strong market position as the largest series of such events in the country, with a clear focus on community engagement and event promotion. Technically, the site employs modern web technologies including jQuery, Slick Carousel, and Google Tag Manager, ensuring a responsive and user-friendly experience. However, some technical aspects such as security headers and explicit privacy policies could be improved. The security posture is adequate with HTTPS enforced and cookie consent implemented, but lacks advanced security headers and published security policies. Overall, the site is professional and trustworthy, though the absence of WHOIS data introduces some uncertainty regarding domain legitimacy. Strategic recommendations include enhancing privacy disclosures, implementing security headers, and publishing incident response information to bolster trust and compliance.

The analyzed content corresponds to a Chrome internal error page (chrome-error://chromewebdata/) displaying the offline dinosaur game. There is no actual website content, business information, or commercial presence. The page is a built-in browser feature for offline scenarios and does not represent a legitimate external website. Consequently, no privacy, cookie, or terms of service policies are present, and no contact or security policies are available. The technical infrastructure is limited to Chromium's internal JavaScript and canvas-based game implementation, with no external hosting or CMS involved. Security posture cannot be fully assessed due to the internal nature of the page, but no vulnerabilities or sensitive data exposure are evident. Overall, this is not a real website but a browser internal page, and thus it lacks any business credibility or compliance features.

Z

Zucchetti Hospitality s.r.l.

ovosodo.net

37

Ovosodo is a digital agency specializing in UI/UX, web design, and development services, operating as a business unit of Zucchetti Hospitality s.r.l., part of the larger Zucchetti Group. The company targets businesses seeking comprehensive digital solutions, emphasizing equal attention to code and design. Their market position is that of a specialized subsidiary within a reputable technology and hospitality group, founded in 2003. The website reflects a professional and consistent brand image with clear service offerings and recent project showcases. Technically, the website employs modern web technologies including jQuery, Vimeo Player integration, and Iubenda for cookie consent management, alongside Google Analytics and Tag Manager for tracking. The site is mobile optimized with good SEO and basic accessibility features. Performance is moderate, with room for improvement in accessibility and security headers. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, ensuring GDPR compliance. However, it lacks explicit security policies and incident response contacts, and no advanced security headers were detected. The absence of WHOIS registration data for the domain raises concerns about domain legitimacy, although the website content and business information are credible and professionally presented. Overall, the website presents a low risk with good privacy compliance and business credibility, but the missing WHOIS data and lack of explicit security policies suggest areas for improvement to enhance trust and security posture.

The website at peak-rescue.com is currently inaccessible, returning a 403 Forbidden error page that blocks access to any substantive content. This prevents a full assessment of the business, its services, and compliance posture. The domain is registered with GoDaddy.com, LLC since 2018 and is active with standard registrar locks but lacks DNSSEC, which is a minor security shortfall. No privacy, cookie, or terms of service policies are present, nor is there any contact information or forms available on the site. The technical infrastructure appears minimal, with only Google Fonts loaded externally. The security posture is limited due to lack of visible security headers and the access restriction itself. Overall, the site scores low on content quality, privacy compliance, and business credibility due to the lack of accessible information and policies.

B

BrandBits

brandbits.com

46

BrandBits is a small technology company founded in 2009 that offers cloud-hosted SaaS tools designed to enhance customer engagement and brand presentation. Their key services include interactive flipbooks, slidebooks, store locators, visitor recordings, and feedback widgets, targeting businesses seeking to improve their digital customer experience. The website is professionally designed with consistent branding and clear navigation, supporting a good user experience and moderate SEO optimization. Technically, the site uses a modern tech stack including Bootstrap, jQuery, Font Awesome, and analytics tools such as Matomo and Google Tag Manager. Hosting and DNS are managed via Cloudflare, with SSL properly configured. The site is mobile optimized and performs moderately well, though accessibility features are basic. Cookie consent is managed through Cookiebot, indicating some privacy compliance efforts. From a security perspective, the website enforces HTTPS and uses clientTransferProhibited domain status, but lacks DNSSEC and explicit security headers. There is no published security policy or incident response contact, and no vulnerability disclosure mechanism is present. The login form uses secure POST methods but no advanced security features are evident. Overall security posture is moderate but could be improved with additional controls and transparency. The overall risk is moderate with no critical issues detected. Strategic recommendations include enabling DNSSEC, adding security headers, publishing security and incident response policies, and improving privacy compliance disclosures to enhance trust and security culture.

K

Krajské sdružení NS MAS ČR Jihočeského kraje

jihoceskemas.cz

43

Krajské sdružení NS MAS ČR Jihočeského kraje is a regional non-profit association focused on coordinating local action groups and community development projects in the South Bohemian region of the Czech Republic. The website serves as an official portal providing information about their projects, events, and partnerships with government and EU bodies. The organization targets local communities, municipalities, and seniors, emphasizing energy projects and social cooperation. Technically, the website uses a modern but custom-built infrastructure with popular JavaScript libraries such as jQuery and Bootstrap, ensuring good mobile optimization and accessibility. Security posture is moderate with HTTPS enabled and cookie consent implemented, but lacks visible advanced security headers and explicit incident response policies. The absence of WHOIS data reduces domain trustworthiness, but the website content and partner affiliations support legitimacy. Overall, the site is professional, content-rich, and trustworthy for its intended audience.

N

Národní síť místních akčních skupin České republiky, z.s.

nsmascr.cz

42

Národní síť místních akčních skupin České republiky, z.s. is a Czech non-profit association uniting local action groups working on community-led local development using the LEADER method. The organization represents 178 member groups covering 91% of the Czech Republic, providing advocacy, training, and coordination services. The website is professionally designed, mobile-optimized, and regularly updated with news and events relevant to its audience. Technically, it uses modern JavaScript libraries and enforces HTTPS with appropriate security headers, indicating a good security posture. However, the absence of WHOIS data and lack of published security or incident response policies slightly reduce trustworthiness. Overall, the site is a credible resource for stakeholders in rural development in the Czech Republic.

S

Spolek pro obnovu venkova ČR

spovcr.cz

39

Spolek pro obnovu venkova ČR is a Czech non-profit organization focused on the renewal and development of rural areas in the Czech Republic. The website serves as an official platform providing information about their projects, regional organizations, events, and community initiatives. It targets municipalities, local action groups (MAS), associations, and individuals interested in rural development. The organization appears established and trusted within its niche, offering resources and networking opportunities for rural revitalization. Technically, the website uses a custom CMS with modern JavaScript libraries such as jQuery, Bootstrap, and Swiper for UI components, ensuring a responsive and accessible user experience. However, the site lacks a published privacy policy and terms of service, which are important for compliance and user trust. Security-wise, HTTPS is used and a cookie consent mechanism is implemented, but security headers and vulnerability disclosures are absent, indicating room for improvement in security posture. The absence of WHOIS data limits domain trust assessment, but the website content and contact details suggest legitimacy. Overall, the site is functional and professional but would benefit from enhanced privacy and security transparency.

The website megau.eu is currently inaccessible due to an SSL handshake failure error (Cloudflare error 525), indicating a misconfiguration between Cloudflare and the origin server. The landing page is a Cloudflare-generated error page with no business content, contact information, or policies visible. The domain is registered via Gransy s.r.o., a legitimate registrar, but no further business details are available on the site. Technically, the site relies on Cloudflare for protection but suffers from poor SSL configuration, resulting in blocked access and minimal content delivery. Security posture is weak due to lack of security headers and proper HTTPS setup. Privacy and compliance information is absent, and no forms or tracking scripts are present. Overall, the site is currently non-functional for end users and lacks trust and credibility indicators.

P

Pivovar Svijany

zameksvijany.cz

47

Zámek Svijany is a heritage tourism and hospitality website representing a historic castle near Český ráj, Czech Republic, owned and restored by the Pivovar Svijany brewery. The site offers cultural exhibitions, castle tours, event hosting, and promotes the brewery's traditional beer products. The website is professionally designed with good navigation, mobile optimization, and content relevance, targeting tourists, event attendees, and beer enthusiasts. Technically, the website uses a modern JavaScript stack including jQuery, Google Tag Manager, Google Analytics, and lightbox galleries. It employs HTTPS with good SSL configuration and includes cookie consent mechanisms compliant with GDPR. The site uses CAPTCHA on contact forms to prevent spam and has basic accessibility features. However, no explicit security headers beyond HTTPS were detected, and no security or incident response policies are published. From a security perspective, the site demonstrates good practices such as HTTPS enforcement, cookie consent, and form validation. The absence of WHOIS registrant data due to privacy protection slightly reduces trust but is common for small businesses. No critical vulnerabilities or exposed sensitive data were found. The site lacks a security.txt or vulnerability disclosure page, which could improve transparency. Overall, the website is a trustworthy and professional digital presence for a small hospitality and cultural business. Strategic improvements include adding security headers, publishing security policies, and enhancing accessibility. The domain WHOIS data absence is noted but does not critically impact legitimacy given the business context.

P

PIVOVAR SVIJANY, a.s.

pivobranisvijany.cz

45

Pivovar Svijany is a traditional Czech brewery with a rich history dating back to 1564. The website pivobranisvijany.cz primarily promotes the 14th annual Svijanské Pivobraní event scheduled for August 23, 2025, featuring music and the brewery's beer offerings. The company targets beer enthusiasts and local community members, leveraging its heritage and quality products to maintain a strong regional presence. The business model focuses on event promotion and brand marketing to support brewery sales. Technically, the website uses a common and stable technology stack including jQuery, Bootstrap, and various UI libraries. The site is moderately optimized for performance and mobile devices, with a clear navigation structure and professional design. However, SEO and accessibility features are basic, and no CMS or advanced platform is detected. Hosting appears to be provided by Active24, consistent with the domain registrar information. From a security perspective, the site lacks visible security headers and formal privacy or cookie policies, indicating gaps in compliance with GDPR and best practices. No forms or sensitive data collection mechanisms are present, reducing immediate risk. The domain is relatively new (created in 2023) but aligns with the event-specific purpose rather than the brewery's main website. Social media links connect to official brewery accounts, enhancing trust. Overall, the website is functional and professional but would benefit from improved privacy compliance, security hardening, and enhanced SEO and accessibility. The risk level is moderate due to missing policies and security headers but no critical vulnerabilities or blocking mechanisms are detected.

The website at mluvii.com is currently inaccessible, serving a 403 Forbidden error page via Cloudflare, indicating restricted access or blocking. Due to this, no meaningful business content, contact information, or policies are available for analysis. The domain is registered since 2017 with Cloudflare as registrar and hosting provider, which is consistent but lacks additional registrant details. The absence of accessible content and security best practices limits the ability to assess the company's market position or technical maturity. Security posture is weak due to lack of visible security headers and policies. Overall, the site appears to be either under maintenance, restricted, or misconfigured, resulting in a poor user experience and low trustworthiness.

The website mujdelirest.cz serves as a multilingual dining portal login page, primarily targeting users who require access to dining services, likely employees or customers within the hospitality sector in the Czech Republic. The business appears to be relatively new, with domain registration dating back to early 2022. The portal provides a straightforward login interface with support for multiple languages, indicating an intent to serve a diverse user base. However, the site lacks visible business contact information, privacy policies, and terms of service on the login page, which limits transparency and user trust. Technically, the website employs common and reliable web technologies including jQuery, Bootstrap, Chart.js, and TinyMCE, suggesting a moderate level of digital maturity. The site is mobile-optimized and includes a cookie consent banner compliant with basic GDPR requirements, though no detailed privacy or security policies are presented. Performance appears moderate with no evident blocking or WAF interference. From a security perspective, the site uses secure form submission methods and password input types but lacks explicit security headers such as Content-Security-Policy or HSTS, which are recommended for enhanced protection. The absence of privacy and security policies, as well as contact information for incident response, indicates gaps in compliance and user assurance. The WHOIS data is transparent and consistent with the website's regional focus, supporting legitimacy. Overall, the website is functional and moderately secure but would benefit from improved transparency, enhanced security headers, and published privacy and security policies to strengthen user trust and compliance posture.

T

TRIMA NEWS, s.r.o.

drbna.cz

49

Drbna.cz is a Czech regional news portal operated by TRIMA NEWS, s.r.o., delivering authentic local news and stories across multiple regional sub-portals. The website targets Czech-speaking audiences interested in regional news, offering a mix of news articles, blogs, weather updates, and premium ad-free subscriptions. The platform holds a strong market position in regional media within the Czech Republic. Technically, the site employs modern JavaScript libraries, Google Tag Manager, Microsoft Clarity, and multiple advertising networks, ensuring a moderate to good performance and mobile optimization. Security-wise, the site enforces HTTPS and uses consent management for cookies, but lacks explicit security.txt and incident response contacts. Privacy policies and terms of service are present and indicate GDPR compliance. Overall, the site is professional, content-rich, and trustworthy, though WHOIS data is unavailable, which slightly impacts domain trust assessment.

P

PERI, spol. s r.o.

peri.cz

33

PERI, spol. s r.o. is a leading Czech supplier of construction equipment specializing in formwork, scaffolding, and engineering services. With over 50 years of experience, the company offers innovative and efficient solutions tailored to meet diverse project requirements. The website reflects a mature digital presence with comprehensive product portfolios, customer portals, and active communication channels. Technically, the site employs modern web technologies, including JavaScript frameworks, SVG icons, and consent management tools, ensuring a responsive and user-friendly experience. Security posture is strong with HTTPS enforcement and cookie consent mechanisms, though explicit security headers could be further confirmed. The absence of WHOIS data is likely due to privacy protection, common for enterprises of this scale. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with privacy regulations.

P

PIVOVAR SVIJANY, a.s.

pivovarsvijany.cz

49

Pivovar Svijany, a.s. is a historic Czech brewery established before 1564, specializing in traditional Czech beer production. The company operates a professional website showcasing its product range, events, and retail options including an e-shop. The site targets adult consumers with age verification and complies with relevant privacy and cookie regulations. Technically, the website employs modern tracking and analytics tools such as Google Analytics and Facebook Pixel, integrated via Google Tag Manager. The site is well-structured, mobile-optimized, and provides a good user experience with clear navigation and branding consistency. Security posture is solid with HTTPS enforced and privacy mechanisms in place, though explicit security headers and incident response information are absent. WHOIS data is unavailable, which slightly impacts trust but is mitigated by the company's established market presence and social media footprint.

A

Active Radio ČR

evropa2.cz

43

Evropa 2 is a prominent Czech radio station offering a comprehensive digital platform that includes live streaming, music charts, articles, quizzes, videos, and contests. The website targets a broad audience interested in entertainment, lifestyle, and music, positioning itself as a leading media outlet in the Czech Republic. The business operates under the parent company Active Radio ČR, with a strong brand presence and consistent content quality. Technically, the site leverages modern web technologies including React (Next.js), integrates multiple advertising and analytics services, and employs consent management tools to comply with privacy regulations. Security posture is solid with HTTPS enforcement and security headers, though there is room for improvement in content security policies and incident response transparency. The absence of WHOIS data limits domain trust assessment but the website's professional presentation and legal disclosures support its legitimacy. Overall, Evropa 2 demonstrates a mature digital presence with good security and privacy practices, serving a large audience in the media sector.

G

Generali Investments CEE, investiční společnost, a.s.

generali-investments.cz

43

Generali Investments CEE is a prominent investment company operating primarily in the Czech Republic and Central Europe, offering a wide range of investment funds and programs in multiple currencies including CZK and EUR. The company is part of the larger Generali Group, a well-known global insurance and financial services provider. Their website demonstrates a mature digital presence with comprehensive product information, client services, and multilingual support. Technically, the site uses modern web technologies such as Bootstrap and JavaScript libraries, and implements HTTPS with good security practices, although some security headers could be improved. Privacy compliance is well addressed with clear cookie consent mechanisms and detailed privacy policies, reflecting adherence to GDPR standards. The absence of WHOIS data is a limitation but does not detract significantly from the overall legitimacy given the strong brand presence and professional content. Overall, the site is secure, user-friendly, and trustworthy, serving a large client base in the financial sector.

R

raul, s.r.o.

sportid.online

49

SportID is a Czech-based online registration platform specializing in sports event registrations, targeting sports enthusiasts and participants. The platform offers account creation, event registration, and gift voucher services, positioning itself as a regional player in the sports event management sector. The website is professionally designed with consistent branding and provides a user-friendly experience optimized for mobile devices. The content is relevant and focused on facilitating quick and simple registration for sports events.

4

4WORKS

posunemevasvys.cz

47

4WORKS is a Czech-based digital agency specializing in creating professional websites, e-commerce platforms, applications, and comprehensive online marketing services. With a decade of experience, they position themselves as a trusted partner for businesses seeking to enhance their online presence. The website showcases a modern, well-structured design with clear navigation and extensive service offerings, targeting primarily business clients in the Czech Republic. Technically, the site is built on WordPress using the Avada theme, integrating multiple analytics and marketing tools such as Google Analytics, Matomo, Hotjar, and Facebook Pixel, indicating a mature digital infrastructure. Security posture is strong with HTTPS enforced and several security headers present, although explicit security policies and vulnerability disclosure mechanisms are absent. The absence of WHOIS data for the domain raises some concerns about domain registration transparency, but the professional presentation and active content mitigate this risk. Overall, the site demonstrates a solid digital maturity with room for improvement in privacy compliance and security transparency.

T

Rozcestník - trideni.cz

trideni.cz

41

The website trideni.cz serves as an informational portal focused on waste sorting and recycling in the Czech Republic, providing users with regional navigation to localized waste management resources. The site targets residents interested in environmental sustainability and recycling practices. Technically, the site uses Bootstrap 3.3.6 for styling and includes Google Analytics with consent denied by default, indicating some privacy awareness. However, the site lacks modern security headers and comprehensive privacy documentation, which limits its compliance and security posture. The absence of WHOIS data raises concerns about domain registration legitimacy, although the site content itself appears safe and appropriate for general audiences. Overall, the site is functional but would benefit from enhanced security, privacy, and business transparency measures.

S

Samosebou.cz

samosebou.cz

41

Samosebou.cz is an educational website dedicated to promoting waste sorting and recycling awareness primarily in the Czech Republic. The platform offers a variety of content including articles, infographics, interactive dictionaries, and competitions aimed at educating the general public about proper recycling practices. The site targets environmentally conscious individuals and communities interested in sustainable waste management. Technically, the website is built on WordPress using the Divi theme and incorporates modern web technologies such as Bootstrap and jQuery. It integrates analytics and user behavior tracking tools like Google Analytics and Hotjar, and implements cookie consent mechanisms to comply with privacy regulations. Security-wise, the site enforces HTTPS and shows good SSL configuration but lacks explicit security headers and publicly available security policies. The absence of WHOIS data for the domain reduces the trustworthiness score, although the website content and technical setup appear professional and legitimate. Overall, the site provides valuable environmental education content with a moderate to good security posture and privacy compliance.

J

Jak třídit – Informace ze světa třídění, recyklace a využití odpadů

jaktridit.cz

42

Jaktridit.cz is a Czech Republic-based informational and educational website dedicated to waste sorting, recycling, and environmental awareness. It serves as a comprehensive resource for the general public, providing detailed guides, interactive tools, and an e-shop for materials supporting waste sorting efforts. The website is well-established in its niche, with consistent branding and high-quality content tailored to a broad audience interested in ecological topics. Technically, the site is built on WordPress with modern web technologies such as Bootstrap, jQuery, and Lightbox2. It employs Google Tag Manager and analytics tools for tracking and marketing purposes. The site is mobile-optimized, accessible, and SEO-friendly, offering a smooth user experience. HTTPS is enforced, and cookie consent mechanisms are implemented, reflecting good privacy compliance. From a security perspective, the site demonstrates solid fundamentals with HTTPS and no visible vulnerabilities or exposed sensitive data. However, it lacks some advanced security headers and does not publish a security policy or incident response information. The absence of WHOIS data limits the ability to fully verify domain legitimacy, which slightly impacts trustworthiness. Overall, Jaktridit.cz presents a trustworthy, professional, and user-friendly platform with strong content quality and privacy practices. Strategic improvements in security headers, transparency on incident response, and WHOIS data availability would enhance its security posture and business credibility.

E

EKO-KOM, a.s.

zodpovednafirma.cz

48

Zodpovědná firma is a Czech educational initiative focused on promoting responsible waste sorting and corporate social responsibility among companies. Organized by EKO-KOM, a.s., an authorized packaging company, it offers free educational materials, employee training, and certification to participating firms. The project has a solid market presence with over 259 companies involved, supported by recognized partners and a clear mission to improve environmental practices in workplaces. Technically, the website is built on WordPress with modern frameworks like Bootstrap and uses popular JavaScript libraries for enhanced user experience. It is mobile optimized and integrates multimedia content such as Vimeo videos and e-learning links. The site employs HTTPS and cookie consent mechanisms, reflecting a good level of digital maturity. From a security perspective, the site benefits from HTTPS and does not expose sensitive data. However, it lacks explicit security headers and published security policies or incident response plans, which could be improved. Privacy compliance is well addressed with GDPR-aligned privacy and cookie policies. No critical vulnerabilities or suspicious content were detected. Overall, the website represents a trustworthy, professional non-profit project with a clear environmental and educational focus. Strategic improvements in security policy transparency and technical security headers would enhance its posture further.

E

EKO-KOM, a.s.

tonda-obal.cz

40

Tonda Obal is an educational website focused on teaching children about waste sorting and recycling, supported by the Czech company EKO-KOM, a.s. The site targets children of various age groups, parents, and teachers through dedicated subdomains and offers games, coloring pages, and informative content. The business model centers on environmental education and awareness, positioning itself as a niche resource within the Czech Republic's educational and non-profit sectors. Technically, the website uses a combination of Bootstrap 3, jQuery Mobile, and Google Analytics, hosted likely by Active24. The site is mobile-optimized and performs moderately well, though it uses somewhat dated frontend frameworks. The cookie consent mechanism is implemented, reflecting some GDPR compliance efforts, but lacks a formal privacy policy and terms of service pages. From a security perspective, the site enforces HTTPS and uses cookie consent with default denial of analytics tracking. However, it lacks security headers and explicit contact information for incident response or data protection officers. No vulnerabilities or suspicious patterns were detected, and the domain registration is consistent and mature, supporting the site's legitimacy. Overall, the website is a trustworthy, child-safe educational platform with good content quality and moderate technical implementation. Improvements in privacy documentation, security headers, and contact transparency would enhance compliance and security posture.

E

EKO-KOM, a.s.

branarecyklace.cz

38

The website www.jaktridit.cz/brana-recyklace/ is a Czech non-profit platform dedicated to promoting recycling awareness through a traveling exhibition called 'Brána recyklace'. The exhibition showcases a wide range of products made from recycled materials, aiming to educate the public on the importance of waste sorting and recycling. The site is operated by EKO-KOM, a recognized organization in the Czech Republic, with production managed by ex voto spol s r.o. The content is rich, professionally presented, and targets a general audience interested in environmental sustainability. Technically, the website employs modern front-end technologies including Bootstrap, jQuery, OwlCarousel, Slick Carousel, Lightbox, and Google Maps API. It is mobile responsive with good SEO and accessibility basics. The site uses HTTPS and implements cookie consent mechanisms, reflecting a good level of privacy compliance. However, no advanced security headers were detected, and no incident response or vulnerability disclosure information is provided. From a security perspective, the site shows a solid posture with HTTPS and no visible vulnerabilities or exposed sensitive data. The absence of WHOIS data for the domain is a concern for domain legitimacy verification, though the website content and contact details appear trustworthy and professional. The site integrates Google Tag Manager and Seznam tracking scripts, indicating moderate user tracking. Overall, the website is a credible, well-maintained educational resource with good technical implementation and privacy practices. The main risk lies in the lack of WHOIS transparency, which should be addressed to enhance trustworthiness. Strategic recommendations include adding security headers, publishing a vulnerability disclosure policy, and ensuring WHOIS data availability.

J

Jihočeská plavební společnost s.r.o.

jihoceskaplavebni.cz

46

Jihočeská plavební společnost s.r.o. is a small regional transportation company specializing in passenger boat services and sightseeing cruises on the Vltava and Lužnice rivers in South Bohemia, Czech Republic. The company offers scheduled boat rides, group bookings, and online ticket sales, targeting tourists and local residents. Their website is built on WordPress with WooCommerce and Tickera plugins, indicating a moderate level of digital maturity with e-commerce capabilities. The site is well-structured, mobile-optimized, and includes GDPR-compliant cookie consent mechanisms. Security posture is generally good with HTTPS and bot protection via Google reCAPTCHA, but lacks some security headers and explicit security policies. The absence of WHOIS data reduces domain transparency and trust slightly, but the presence of clear contact information, social media links, and partner logos supports legitimacy. Overall, the website is professional and trustworthy with room for security and compliance improvements.

E

ENVIPARTNER, s.r.o.

portalobce.cz

44

The website www.portalobce.cz serves as a comprehensive digital platform for municipal services in the Czech Republic, offering a suite of modules including flood management, GIS mapping, strategic planning, and citizen engagement tools. The business is positioned as an important player in the government sector, targeting both public administration and citizens with specialized digital solutions. The platform integrates multiple applications and services, some developed locally, enhancing municipal governance and public safety. Technically, the website employs a modern frontend stack with Bootstrap, jQuery, Font Awesome, and integrates third-party analytics tools such as Google Analytics and Hotjar. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. However, the absence of a CMS or hosting provider information limits deeper infrastructure insights. From a security perspective, the site uses HTTPS and avoids exposing sensitive data, but lacks important security headers and explicit privacy and cookie policies, which are critical for GDPR compliance. The WHOIS data is unavailable, which raises concerns about domain transparency and trustworthiness. No direct contact information or incident response channels are provided, limiting user trust and security communication. Overall, the website is functional and professionally designed but requires improvements in privacy compliance, security best practices, and transparency to enhance trust and regulatory adherence.

H

Hasičský záchranný sbor Jihomoravského kraje

krizport.cz

47

The website www.krizport.cz serves as the official crisis management portal for the South Moravian Region in the Czech Republic, operated by the regional Fire Rescue Service. It provides timely and reliable information on emergency preparedness, current crisis situations, and public safety advice targeted at both the general public and professionals. The portal includes public and restricted sections, emphasizing its role as a trusted government resource. Technically, the site is built on Drupal 10 CMS, leveraging modern web technologies including Google Analytics for visitor tracking and the Foundation framework for responsive design. The site is well-structured, mobile-optimized, and accessible, with clear navigation and consistent branding. Cookie consent mechanisms are implemented, reflecting compliance with privacy regulations. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks some advanced security headers and does not publish explicit security or incident response policies. The absence of WHOIS data for the domain is a notable gap, potentially impacting trust, though the official nature of the content mitigates concerns. No vulnerabilities or suspicious content were detected. Overall, the portal demonstrates a solid digital presence with good content quality and security posture suitable for a government information service. Strategic improvements include enhancing security headers, publishing security policies, and clarifying domain registration details to strengthen trust and compliance.

A

AirWork & Heliseilerei GmbH

air-work.com

43

AirWork & Heliseilerei GmbH is a Swiss-based company specializing in engineering, equipment, and services for the helicopter industry. Established in 1999, the company offers a range of solutions including load lifting devices, maintenance, expert training, and documentation tailored to helicopter operations. Their market position is that of a specialized niche provider with recognized certifications such as EASA Part 21 G and ISO 9001:2015, supporting their credibility in the aerospace sector. Technically, the website employs modern frontend technologies like Swiper.js for interactive sliders and Google Fonts for typography, likely running on a CMS such as OctoberCMS or a custom PHP framework. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. Hosting and domain registration are consistent with the business profile, with DNS hosted on webland.ch and domain registered through COREhub, S.R.L. From a security perspective, the site uses HTTPS but lacks important security headers and does not implement DNSSEC, which are areas for improvement. No privacy or cookie policies are present, indicating compliance gaps with GDPR and related regulations. No incident response or vulnerability disclosure information is provided, which could be a risk factor. The absence of tracking and analytics scripts suggests minimal user tracking, which is positive for privacy. Overall, the website is professional and trustworthy with strong business credibility but requires enhancements in privacy compliance and security best practices to reduce risk and improve user trust. Strategic recommendations include adding privacy and cookie policies, implementing security headers, enabling DNSSEC, and publishing incident response contacts.

B

Breeze-Eastern, LLC

breeze-eastern.com

49

Breeze-Eastern, LLC is a specialized aerospace manufacturing company focused on designing and producing helicopter rescue hoists, winches, cargo hooks, and weapons handling systems for both military and civilian operators. The company holds a unique market position as the world's only dedicated helicopter hoist and winch provider and is recognized as the largest cargo hook OEM globally. Their offerings include comprehensive OEM training and customer support, emphasizing operational safety and efficiency. The website reflects a medium-sized enterprise with a professional and consistent brand presence, targeting aerospace operators worldwide. Technically, the website is built on a modern WordPress CMS platform with popular plugins such as WPBakery Page Builder and Popup Maker. It uses HTTPS with good SSL configuration and integrates multimedia content including YouTube videos. The site is moderately optimized for performance and mobile devices, with good SEO practices and basic accessibility features. From a security perspective, the site enforces HTTPS and uses AJAX with nonce tokens for form validation, indicating attention to secure data handling. However, it lacks explicit security headers and does not publish incident response or vulnerability disclosure policies. The absence of WHOIS data for the domain raises concerns about domain registration transparency, although the website content and business information appear legitimate and professional. Overall, Breeze-Eastern's website presents a credible and professional digital presence aligned with its aerospace manufacturing business. Strategic improvements in security policy transparency, WHOIS data availability, and enhanced accessibility would further strengthen its security posture and trustworthiness.

nivia.de is a German technology company specializing in avalanche transceiver devices featuring advanced 3D technology for faster and more precise search capabilities. The website presents a professional and focused product offering targeting skiers, mountaineers, and rescue professionals. The company positions itself as an innovator in avalanche safety technology with a small business footprint. Technically, the site uses modern web technologies including JavaScript ES modules, SVG graphics, and the UIkit framework, hosted on kasserver.com. The site is mobile optimized with good SEO and accessibility basics. Security posture is moderate with HTTPS implied but lacking explicit security headers and cookie consent mechanisms. No direct contact emails or phone numbers are visible, with contact likely via forms. Overall, the site is trustworthy and professional but could improve in privacy compliance and security transparency.

T

TYROMONT Alpin Technik GmbH

tyromont.com

39

TYROMONT Alpin Technik GmbH is a specialized manufacturer and trader of alpine rescue equipment with a history spanning approximately 70 years. The company serves a global clientele including mountain rescue, ski patrol, air rescue, and height rescue organizations. Their website presents a professional and comprehensive product catalog, clear contact information, and relevant business documentation such as terms of business and data protection policies. Technically, the website employs modern JavaScript libraries like jQuery and Flickity, and uses Google Analytics with consent-based loading. The site is mobile-optimized and well-structured, providing a good user experience. However, the absence of WHOIS registration data for the domain www.tyromont.com is a notable inconsistency that impacts domain trustworthiness. Security headers are not visibly implemented, and no explicit cookie consent mechanism is present, which are areas for improvement. Overall, the website is professional and trustworthy from a business perspective but could enhance its security posture and privacy compliance.