High-risk security reports

A

Alma Mobility

almamobility.fi

49

Alma Mobility is a Finnish company providing comprehensive solutions for the vehicle trade market, including vehicle acquisition, modeling, buyer discovery, and inventory management. Their platform offers real-time 360° market insights to support business operations. The company operates under the parent company Alma Media Oyj, indicating a solid corporate backing and market presence in Finland. The website is built using modern technologies such as React and Gatsby, reflecting a contemporary digital infrastructure. The site is well-designed with good mobile optimization and clear navigation, although some accessibility features could be improved. Security posture is moderate; HTTPS is presumably enabled but lacks visible security headers and explicit security policies. Privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the domain registration details are consistent and legitimate, supporting the business credibility.

M

MONDO INC

lepaisrecna.rs

39

Lepa i srećna is a Serbian online lifestyle magazine targeting women, offering content on astrology, recipes, fashion, health, family, and travel. It operates under the MONDO INC media group, a well-established regional media company. The website demonstrates a mature digital presence with modern technologies such as Nuxt.js, Google Tag Manager, and multiple analytics and advertising platforms integrated. Privacy compliance is well addressed with a GDPR-compliant cookie consent mechanism and a comprehensive privacy policy. Security posture is good with HTTPS enforced and no obvious vulnerabilities detected, though some security headers could be improved. Overall, the site is professional, content-rich, and trustworthy, with strong social media integration and advertising transparency.

E

elle.rs

elle.rs

47

elle.rs is the Serbian edition of the internationally recognized ELLE magazine brand, focusing on fashion, beauty, lifestyle, and culture content for a Serbian-speaking audience. The website is well-established since 2008 and operates under a reputable media network (WMG Media). It offers rich editorial content, subscription options, and maintains active social media channels. Technically, the site uses modern frameworks such as Nuxt.js and Vue.js, integrates multiple analytics and advertising technologies, and implements a comprehensive cookie consent mechanism compliant with GDPR. Security posture is good with HTTPS enforced and no critical vulnerabilities detected, though DNSSEC is not enabled and some security headers could be improved. Overall, elle.rs presents a professional, trustworthy, and user-friendly media platform with extensive tracking and advertising integrations typical for commercial media sites.

Adria Media Serbia operates as a content network presumably serving the Serbian or Adriatic media market. The website is minimalistic, containing only a title, a header, and a QR code image, with no detailed business descriptions or contact information. The domain is well-established, registered since 2014, which aligns with the business founding year, indicating a stable online presence. However, the lack of substantive content and absence of privacy or cookie policies limit the site's professionalism and user trust. Technically, the website uses Google Analytics and Google Tag Manager for tracking user interactions and Cloudflare for DNS services. There is no evidence of a CMS or advanced frameworks, and no security headers were detected in the provided data. The site does not implement DNSSEC, which is a recommended security enhancement. Performance and SEO optimizations appear minimal due to the sparse content and lack of meta tags. From a security perspective, the site uses HTTPS (implied by Google Analytics scripts loaded over HTTPS), but no additional security headers or policies are present. There is no visible incident response or vulnerability disclosure information, and no contact channels for security issues. The absence of privacy and cookie policies also indicates poor compliance with GDPR and related regulations. Overall, the website presents a low-risk profile due to its minimal content and lack of sensitive data collection but suffers from poor content quality, limited transparency, and weak security posture. Strategic improvements in content, compliance, and security practices are recommended to enhance trust and professionalism.

The website nxjmp.com is currently inaccessible, returning a 403 Forbidden error page with no accessible content. The domain is registered since 2019 with eNom, LLC and uses Cloudflare DNS services, indicating some level of infrastructure maturity. However, the lack of accessible content, metadata, or business information severely limits the ability to assess the company's operations, services, or market position. The technical infrastructure appears to rely on Cloudflare for hosting and security, but no further technology stack details are available due to content blocking. Security posture is limited by the absence of security headers and DNSSEC, though HTTPS is presumably enabled given Cloudflare usage. Overall, the site lacks privacy and cookie policies, contact information, and any form of user engagement mechanisms, which negatively impacts trust and compliance. The website is safe in terms of content but cannot be fully evaluated due to access restrictions.

Gradivo.hr is an online education platform primarily targeting high school students in Croatia, offering video lessons, practice exercises, and preparation materials for the state maturity exams. It positions itself as the largest online provider of such educational content in the region, operating on a subscription-based business model. The website is professionally designed with a clear focus on user experience and accessibility, leveraging modern web technologies such as React and Next.js. Integration with marketing tools like Google Tag Manager and Shopify Chat enhances user engagement and analytics capabilities. Security posture is solid with HTTPS enforced and use of script offloading via Partytown, though there is room for improvement in security headers and explicit privacy compliance disclosures. The domain WHOIS data is privacy protected, which is common for this business type, and no suspicious patterns were detected. Overall, the platform appears legitimate, professional, and focused on delivering educational value to its audience.

S

SPORTSKI ŽIVOT D.O.O.

sportlife.hr

44

Sportlife.hr is a Croatian-based distributor and retailer specializing in professional and home fitness equipment. The company represents multiple well-known international fitness brands and offers services including equipment sales, maintenance, and fitness space planning. The website is professionally designed using WordPress and WooCommerce, targeting fitness centers, gyms, and individual consumers. The domain is well-established since 2010, consistent with the business's market presence. Technically, the site uses modern web technologies and is mobile optimized, though performance is moderate. Security posture is adequate with HTTPS enabled but lacks visible security headers and privacy policies, indicating room for improvement in compliance and security best practices. Contact information is clearly provided, enhancing business credibility.

S

Story.hr

smartlife.hr

49

Story.hr is a Croatian multimedia portal specializing in celebrity news, lifestyle, and technology content. Established in 2011 and operated by MONDO Inc Zagreb, it holds a solid position in the regional media market, offering a variety of news articles and reviews targeting a general audience interested in entertainment and tech. The website demonstrates a mature digital presence with modern web technologies and a comprehensive content offering. Technically, the site uses Nuxt.js framework, integrates multiple analytics and advertising services, and employs a GDPR-compliant cookie consent mechanism, reflecting a good level of digital maturity. Security-wise, the site enforces HTTPS and uses consent management but lacks explicit security policy disclosures and some security headers, indicating room for improvement. Overall, the site is professional, trustworthy, and compliant with privacy regulations, with no signs of content blocking or WAF interference.

M

MONDO, Inc.

sensa.hr

49

Sensa.hr is a Croatian lifestyle and wellness media portal operated by MONDO, Inc., under the parent company Story.hr. The site offers a wide range of content focused on spiritual growth, mental health, beauty, wellness, health, cooking, lifestyle, and astrology, targeting a general audience interested in a healthy and balanced life. The business model is primarily content publishing monetized through advertising and sponsored events such as the Sensa Wellbeing Dan. The website demonstrates consistent branding and professional content quality, supported by a strong social media presence.

The website luxury.hr currently serves as a placeholder with a single under construction image and lacks any substantive content or business information. The domain is registered with a Croatian registrar and has been active since 2015, indicating a legitimate registration. However, the absence of privacy policies, contact information, or any business description limits the website's credibility and user trust. Technically, the site is minimal with basic HTML and CSS, no detected scripts, and no advanced technologies or CMS in use. Security posture cannot be fully assessed due to lack of data but no WAF or blocking mechanisms are detected. Overall, the site scores low on content quality, privacy compliance, and business credibility, resulting in a low overall AI score.

Adria Media Zagreb d.o.o. is a Croatian media company with an established presence since 2006. The website currently displays a maintenance notice but provides clear contact information including emails and phone numbers. The company operates in the media sector, offering publishing and subscription services primarily targeting the Croatian market. The domain registration data aligns well with the business claims, indicating a legitimate and consistent online presence. Technically, the website is built on WordPress using a coming soon plugin, with technologies such as jQuery, Tailwind CSS, and FontAwesome. Hosting and DNS are managed via Cloudflare, providing good SSL configuration. However, the site lacks advanced security headers and privacy compliance features such as cookie or privacy policies. Mobile optimization and accessibility are basic, and no analytics or advertising scripts are detected, indicating minimal user tracking. From a security perspective, the site benefits from HTTPS and Cloudflare DNS but would improve by implementing security headers and formal privacy and cookie policies to meet GDPR requirements. No vulnerabilities or exposed sensitive data were detected in the provided content. Overall, the security posture is moderate but could be enhanced with better compliance and security best practices. The overall risk is low given the limited content and lack of sensitive data collection, but the absence of privacy and cookie policies and security headers are notable gaps. Strategic recommendations include adding privacy and cookie policies, implementing security headers, improving mobile and accessibility features, and establishing vulnerability disclosure and incident response information to enhance trust and compliance.

I

Iskustva i Novosti - sve na jednom mjestu

iskustva.hr

37

The website 'Iskustva i Novosti' is a Croatian news and experiences portal founded in 2020, providing a variety of news articles and blog posts primarily focused on Croatian and regional topics. The site targets the general public interested in current events and lifestyle content. Technically, it is built on WordPress CMS with Elementor page builder and uses common web technologies such as jQuery, Google Fonts, and Facebook SDK. The hosting is provided by POSLUH HOSTING d.o.o., a Croatian hosting company, which aligns with the website's regional focus. The site employs HTTPS with a good SSL configuration but lacks several security headers and explicit privacy or cookie policies, which impacts its compliance posture. Affiliate marketing is present through links to iHerb, Aliexpress, and Temu, and tracking is implemented via Google Analytics and Facebook Pixel. Overall, the website is functional, with good content quality and user experience, but it requires improvements in privacy compliance and security best practices.

M

MONDO, Inc.

story.hr

49

Story.hr is a prominent Croatian media portal specializing in lifestyle, celebrity news, and general entertainment content. Operated by MONDO, Inc., it maintains a strong market presence with multiple subsidiary brands such as Roditelji.hr and Sensa.hr, targeting a broad general audience interested in news, lifestyle, and entertainment. The website features a professional design, clear navigation, and regularly updated content, supporting its position as a leading media outlet in Croatia. Technically, the site leverages modern web frameworks like Nuxt.js and Vue.js, integrates multiple analytics and advertising platforms, and employs best practices in security such as HTTPS and security headers. Privacy compliance is well addressed with comprehensive policies and consent mechanisms, aligning with GDPR requirements. However, direct contact information and explicit security policies are not prominently published, which could be improved. Overall, the site demonstrates a mature digital infrastructure and a solid security posture, making it a trustworthy and professional media platform.

M

Mondo inc.

espreso.rs

46

Espreso.co.rs is a prominent Serbian online news portal operated by Mondo inc., offering a wide range of news, sports, entertainment, and lifestyle content targeted at the general Serbian-speaking audience. The website holds a strong market position as one of the fastest growing portals in the region, supported by a comprehensive content offering and a subsidiary lifestyle brand 'Glossy'. Technically, the site employs a modern advertising and analytics stack including Google Analytics, Gemius, and multiple ad networks, with a custom CMS platform. The site is mobile optimized and demonstrates good SEO and user experience practices. Security-wise, the site enforces HTTPS and GDPR-compliant consent management but lacks explicit published security policies and incident response contacts, which could be improved. Overall, the site is trustworthy, professionally maintained, and safe for general audiences.

六

六度人和(EC CRM)

scrm.com

45

六度人和(EC CRM) is a Chinese technology company specializing in AI-driven CRM systems designed to enhance marketing, sales, and customer service operations for enterprises. Their product suite includes marketing cloud, sales cloud, customer service cloud, and application platforms, targeting medium-sized to large businesses seeking efficient customer relationship management and business growth solutions. The website is professionally designed using WordPress and Elementor, featuring comprehensive product and solution descriptions, customer case studies, and clear contact information. Privacy compliance is well addressed with cookie consent mechanisms and a detailed privacy policy in Chinese. However, the absence of WHOIS data for the domain www.scrm.com raises concerns about domain registration legitimacy, although the website content itself appears legitimate and business-focused. Security posture is good with HTTPS and security headers implemented, but lacks a dedicated security policy or incident response information. Overall, the site demonstrates a mature digital presence with room for improvement in transparency and security documentation.

F

Favicone - A user-friendly API to get favicons from any website

favicone.com

49

Favicone is a small technology service offering a user-friendly API to retrieve favicons from any website domain. The service targets developers and businesses needing quick and reliable favicon fetching, positioning itself as a niche API provider with a focus on simplicity and speed. The website is professionally designed with clear content and examples, hosted on modern infrastructure (Vercel) and uses Tailwind CSS for styling. The technical implementation is modern and performant, with fast delivery via a global CDN and caching mechanisms. Security posture is adequate with HTTPS and domain registration protections, but lacks advanced security headers and published policies. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the site is trustworthy but would benefit from enhanced compliance and security transparency.

S

Strichpunkt GmbH

strichpunkt.ch

46

Strichpunkt GmbH is a small Swiss agency specializing in graphic design, web design, and CMS programming based in Winterthur. The company offers services including branding, logo development, and visual communication strategy, targeting businesses seeking professional digital and print design solutions. Their website reflects a consistent brand image and showcases a portfolio of projects and satisfied customers, positioning them as a reputable local service provider. Technically, the website employs a modern but traditional tech stack centered around jQuery and related libraries, with custom CMS software. The site is mobile-optimized and performs moderately well, though there is room for improvement in accessibility and SEO. No major performance bottlenecks or technical debt indicators are evident. From a security perspective, the site benefits from HTTPS and basic secure practices but lacks important security headers and published policies such as incident response or vulnerability disclosure. No cookie consent mechanism is present, which may pose GDPR compliance risks. No vulnerabilities or exposed sensitive data were detected, but improvements are recommended to enhance security posture and privacy compliance. Overall, the website is professional and trustworthy with a solid business foundation. Strategic enhancements in security policies, privacy compliance, and technical modernization would strengthen their digital maturity and reduce risk exposure.

A

Alma Mobility

almaajo.fi

49

Alma Mobility is a Finnish company specializing in providing comprehensive solutions for the vehicle trade industry, offering services such as vehicle acquisition, modeling, buyer discovery, inventory management, and real-time market insights. The website is built using modern technologies including React and Gatsby, reflecting a contemporary digital infrastructure with good mobile optimization and user experience. However, the site lacks visible privacy and cookie policies, security headers, and explicit contact information, which are important for compliance and trust. The WHOIS data confirms the legitimacy of the domain registration, consistent with the company's business claims in Finland. Overall, the website presents a professional business presence but would benefit from enhanced security and privacy compliance measures.

Nettiauto is Finland's largest and most popular online vehicle marketplace, established in 2000. The platform offers a comprehensive selection of new and used cars, targeting vehicle buyers and sellers primarily within Finland. The website presents a professional and user-friendly interface with good mobile optimization and clear navigation, supporting its strong market position. Technically, the site employs modern web technologies including Google Tag Manager and integrates advertising via Adnami, indicating a mature digital infrastructure. However, the absence of WHOIS registration data raises concerns about domain legitimacy, although the website content and structured data suggest a legitimate business. Security posture is moderate with no visible security headers or explicit security policies, and privacy compliance is weak due to missing privacy and cookie policies. Overall, Nettiauto demonstrates a solid business presence but should improve transparency and security practices to enhance trust and compliance.

P

PMCC Consulting

pmcc-consulting.com

47

PMCC Consulting is a professional consulting firm specializing in project management, process management, and organizational development primarily serving clients in Austria, Germany, and Switzerland. Established since 2008, the company offers a comprehensive suite of services including training, coaching, interim management, and e-learning courses. Their market position is strong within the DACH region, supported by certifications such as IPMA, PMI, TÜV Austria, and Scrum. The website is well-designed, multilingual, and optimized for SEO and mobile devices, reflecting a mature digital presence. Technically, the site is built on WordPress with modern plugins and tools, ensuring good performance and user experience. Security posture is adequate with HTTPS and cookie consent mechanisms, though some security headers and explicit policies are missing. The absence of WHOIS registration data is a notable concern, suggesting either privacy protection or incomplete domain registration information, which slightly impacts trustworthiness. Overall, PMCC Consulting presents a credible and professional online presence with room for improvement in transparency of security policies and domain registration details.

H

Handelskammer beider Basel

praktikumplus.ch

43

The website praktikumplus.ch is operated by the Handelskammer beider Basel and serves as a regional internship management platform for students attending Wirtschaftsmittelschulen in Basel-Stadt and Baselland. It provides coordination of long-term internships, support for learners and companies, and educational resources related to vocational training and Berufsmatur. The site targets students and businesses in the Basel region, positioning itself as a trusted intermediary in the educational sector. Technically, the website is built on a modern stack including Bootstrap, jQuery, and various JavaScript libraries such as Swiper and Fancybox, with WebEdition CMS indicated. The site is mobile-optimized and features a professional design with clear navigation. However, performance is moderate and accessibility features are basic. From a security perspective, the site uses HTTPS and standard secure form practices but lacks visible HTTP security headers and privacy/cookie policies, which are important for GDPR compliance. Google Analytics and Tag Manager are used for tracking without visible consent mechanisms, indicating privacy compliance gaps. The domain uses WHOIS privacy protection, which is justified for this type of organization, and no suspicious patterns were detected. Overall, the website is professional and trustworthy for its educational purpose but would benefit from enhanced privacy compliance and improved security headers to strengthen its security posture and regulatory adherence.

T

Traegerverein iPunkt

ipunkt.swiss

40

iPunkt is a Swiss non-profit organization focused on promoting workplace inclusion for people with disabilities through its unique Label iPunkt certification. The website serves as an information and engagement platform for companies interested in inclusive employment practices. The organization is relatively new, founded in 2023, and targets Swiss companies aiming to improve diversity and inclusion. The site offers certification details, consulting services, an employer network, and event information. Technically, the website uses a custom CMS with common JavaScript libraries like jQuery and Fancybox, and it is hosted under a Swiss registrar with DNS hosted by metanet.ch. The site is mobile-optimized, accessible, and SEO-friendly, with a professional design and clear navigation. Security posture is moderate; HTTPS is enabled with anonymized Google Analytics tracking, but the domain is currently expired and DNSSEC is not enabled, which poses risks. No advanced security headers or explicit security policies are published. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism detected. Contact information is clearly provided, enhancing business credibility. Overall, the website is functional and professional but requires urgent domain renewal and security improvements to mitigate risks.

The website pahtzc.tech is currently inaccessible due to an Access Denied error page, likely caused by Cloudflare's Web Application Firewall (WAF) or security settings. This prevents any meaningful content or metadata extraction, resulting in a lack of visible business information, contact details, or compliance documentation. The domain is registered with ENARTIA S.A. since 2021 and is protected against unauthorized transfers and updates, indicating a legitimate registration status. However, the absence of DNSSEC and lack of visible SSL configuration details limit the security assessment. Overall, the site appears to be a small or new entity with minimal digital footprint and no publicly accessible content.

The website at palibzh.tech is currently inaccessible due to an Access Denied error page, likely caused by Cloudflare's Web Application Firewall or security settings. This prevents any meaningful extraction of website content, metadata, or business information. The domain is registered with ENARTIA S.A. since 2021 and uses Cloudflare DNS servers, indicating a standard hosting and security setup. Due to the lack of accessible content, no privacy, cookie, or terms of service policies are detectable, and no contact or business details are available. The security posture cannot be assessed beyond the presence of Cloudflare protection. Overall, the site appears to be either under maintenance, restricted, or misconfigured, limiting any further analysis.

O

OpenX

openx.net

49

OpenX is an established advertising technology company operating a programmatic advertising platform. The company has a long domain history dating back to 1996, indicating maturity and stability in the ad tech market. The website content provided is minimal, serving primarily as a placeholder with links directing users to the main site www.openx.com for homepage and contact purposes. This limits the ability to fully assess the company's digital presence and compliance posture from this page alone. Technically, the site uses Google Cloud DNS for hosting name servers but lacks visible modern web technologies or CMS indicators in the provided HTML snippet. Security posture is weak due to absence of HTTPS, security headers, and privacy or cookie policies on this page. No contact emails or phone numbers are directly provided, only a link to a contact form on the main site. Overall, the site appears legitimate based on WHOIS data but lacks sufficient content and security features on this particular page.

M

Makedonski radio stanici - Slusaj online

makedonijafm.net

33

Makedonijafm.net is a Macedonian-language online media platform specializing in streaming live Macedonian radio stations. It serves a niche audience of Macedonian-speaking users interested in accessing a variety of local radio content through a centralized web portal. The business model is primarily advertising-supported, leveraging Google Adsense and Google Analytics for monetization and user tracking. The website offers a directory of radio stations with embedded players and links to partner radio sites in the region. Technically, the site uses Bootstrap 3 and jQuery 3.2.1, indicating a somewhat dated but functional technology stack. The site is mobile responsive and provides a basic but clear user experience with good navigation and relevant content.

Р

Радио МОФ

radiomof.mk

45

Радио МОФ is a Macedonian internet radio and media platform that produces and shares music and informative content primarily in Macedonian language. It operates as a non-profit media outlet supported by various organizations, focusing on delivering objective and professional news, cultural, educational, and technological content. The website is built on WordPress CMS and integrates common web technologies and social media platforms to engage its audience. The platform targets Macedonian-speaking youth and citizens interested in culture, education, and civic issues. Technically, the site is moderately optimized with good mobile responsiveness and SEO practices, though some accessibility features could be improved. Security posture is decent with HTTPS enabled but lacks some security headers and explicit vulnerability disclosure mechanisms. The absence of WHOIS data reduces transparency and trust in domain registration details. Overall, the site is functional, content-rich, and serves its niche well but could enhance privacy compliance and security best practices.

The website clubfm.mk serves as an online streaming platform for CLUB FM 103.4, a local radio station likely based in North Macedonia. The site provides a simple audio player interface for live streaming but lacks comprehensive business or contact information, privacy policies, or terms of service. The domain is registered since 2014 with a consistent WHOIS record, indicating a stable presence in the local media market. Technically, the site uses older JavaScript libraries and loads some resources over unsecured HTTP, which poses security risks. There is no evidence of HTTPS enforcement or security headers, and no privacy or cookie policies are present, indicating low privacy compliance. Overall, the site is functional but basic, with limited digital maturity and security posture.

The website at iab.mk appears to be a small-scale WordPress site registered since 2012 and hosted on Contabo servers. The site currently displays multiple PHP warnings and errors related to deprecated code and improper header handling, indicating poor maintenance and outdated technology. There is no accessible business or contact information, no privacy or cookie policies, and no visible security measures such as HTTPS enforcement or security headers. These factors suggest a low level of digital maturity and security posture. The lack of content and metadata further limits the site's professionalism and trustworthiness.

The website krakenoptimize.com currently serves only a standard HTTP 404 Not Found error page, indicating that no accessible content or business information is available. The domain is registered with GoDaddy.com, LLC since 2019 and uses Cloudflare nameservers, but DNSSEC is not enabled. There are no privacy policies, cookie policies, terms of service, contact information, or security policies published on the site. The lack of content and metadata prevents a thorough assessment of the company's business model, services, or market position. Technically, the site is minimal with no detectable scripts, forms, or external links, and no security headers are present. The SSL configuration is basic, and no advanced security practices are observed. Overall, the website is non-functional from a user and security perspective, resulting in a low AI score and poor trustworthiness.

The website cloud-hub.eu is currently under construction and hosted by Plus Hosting Grupa d.o.o. It lacks any substantive content, business description, or user engagement features. The site only displays a placeholder page indicating hosting by Plus Hosting, with links to the hosting provider's control panel and webmail. There is no visible privacy policy, cookie policy, terms of service, or contact information, which severely limits its business credibility and user trust. From a technical perspective, the site uses minimal HTML with no detectable CMS, frameworks, or modern technologies. There is no evidence of HTTPS or security headers, and no analytics or tracking tools are present. The hosting provider is clearly identified, but the site itself does not demonstrate digital maturity or readiness for public use. Security posture is weak due to the absence of HTTPS, security headers, and any security or incident response policies. The lack of privacy and cookie policies also indicates non-compliance with GDPR and related regulations. No vulnerabilities or malicious content were detected, but the site is not yet operational or secure. Overall, the site poses low risk due to its minimal content and lack of user interaction but also offers no business value or trust signals. Strategic recommendations include implementing HTTPS, publishing privacy and cookie policies, adding business contact information, and developing meaningful content to improve credibility and compliance.

E

Eurotruss

eurotruss.com

46

Eurotruss is a medium-sized manufacturing company based in the Netherlands specializing in aluminium truss systems, stages, stage decks, and rigging gear. With over 25 years of experience, they hold a leading market position in the event production supply sector, targeting B2B customers such as event companies and rental services. Their website is professionally designed, mobile-optimized, and provides clear navigation and contact information, supporting their business credibility. Technically, the website is built on WordPress with a modern tech stack including Bootstrap and jQuery, integrating third-party tools like Google Analytics and MailChimp for marketing and analytics. Performance is moderate with good SEO practices, though accessibility is basic. Security posture is solid with HTTPS enabled and no visible vulnerabilities, but lacks some security headers and explicit privacy and cookie policies, which are compliance gaps. The WHOIS data is unavailable, which raises some concerns about domain legitimacy; however, the website content and branding consistency suggest a legitimate business. No WAF or blocking mechanisms were detected, and the site contains no adult or questionable content, making it safe for general audiences. Overall, the site scores well in business credibility and technical implementation but should improve privacy compliance and domain transparency. Recommendations include implementing comprehensive privacy and cookie policies with consent mechanisms, adding security headers, publishing a security policy and incident response contacts, auditing third-party plugins regularly, and verifying domain registration details to enhance trust.

The website at projectagora.com is currently inaccessible, returning a 403 Forbidden error page which blocks access to any meaningful content. The domain is registered since 2012 with a reputable registrar, Enartia Single Member S.A., and is valid until 2032, indicating a legitimate long-term registration. However, the lack of accessible content, absence of privacy, cookie, or terms of service policies, and no visible contact information severely limit the ability to assess the business or its services. Technically, no scripts, analytics, or security headers are present in the provided HTML, and DNSSEC is not enabled, indicating minimal security hardening. Overall, the site appears to be either restricted intentionally or misconfigured, resulting in a poor user and security posture.

H

HAUS

haus.hr

44

HAUS is a Croatian media portal dedicated to the culture of housing, architecture, and design. It provides rich, well-curated content including projects, interviews, news, and materials related to housing culture. The website targets a general audience interested in architecture and lifestyle in Croatia. Technically, the site is built on WordPress with modern plugins and technologies such as Google Tag Manager, Rank Math SEO, and Complianz GDPR compliance tools. The site is mobile-optimized, SEO-friendly, and uses HTTPS with good security practices. However, some security headers are missing and no explicit security or incident response policies are published. WHOIS data is unavailable due to GDPR restrictions, but the domain is consistent with the Croatian market and language. Overall, the site demonstrates a strong digital presence with good privacy compliance and trustworthy content.

A

after5

after5.hr

36

After5.hr is a Croatian business lifestyle media portal established in 2023, targeting the professional business community with curated content on lifestyle, fashion, travel, and culture. The website leverages WordPress CMS with modern front-end technologies such as Swiper.js and jQuery, supported by Breeze caching and Complianz GDPR compliance plugins. It maintains a consistent brand presence with active social media channels and integrates affiliate marketing partnerships, notably with Answear.hr. The site demonstrates good technical maturity with mobile optimization and SEO best practices. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though security headers and explicit policies could be enhanced. Overall, the domain registration aligns well with the business profile, indicating legitimacy and trustworthiness.

S

Sveučilište VERN'

vern.hr

49

Sveučilište VERN' is a well-established private university of applied sciences based in Croatia, founded in 1999. The institution offers a range of undergraduate, graduate, and lifelong learning programs, targeting students and professionals seeking quality higher education. The website reflects a professional and modern educational institution with a clear focus on academic excellence and social responsibility. It maintains a strong market position in the Croatian education sector with active international collaborations and Erasmus programs. Technically, the website is built on WordPress with Bootstrap and jQuery, hosted likely on Microsoft Azure infrastructure, and incorporates modern web technologies including Google Tag Manager and Tidio Chat for user engagement. The site is mobile-optimized and SEO-friendly, providing a good user experience. Security-wise, the site enforces HTTPS, uses a GDPR-compliant cookie consent mechanism, and displays multiple certifications and trust indicators. No critical vulnerabilities or security issues were detected in the provided content. Overall, the website demonstrates a mature digital presence with good compliance and security posture, suitable for its educational mission.

K

Kabinet, obrt za poslovne usluge

kabinet3c.hr

43

Kabinet 3C is a Croatian boutique agency specializing in market research and consumer insights, emphasizing curiosity-driven understanding and humanized insights to support business decisions. The company appears to be newly established in 2023 and targets businesses seeking qualitative market research services. The website is professionally designed using WordPress and Elementor, with a consistent brand presence and active social media channels on LinkedIn, Facebook, and Instagram. Technically, the site uses modern web technologies and is hosted under a Croatian registrar, CARNET, which aligns with the business's geographic focus. Security posture is adequate with HTTPS enabled and no visible vulnerabilities, though explicit security headers and privacy compliance mechanisms such as cookie consent are lacking. Overall, the site demonstrates moderate to good digital maturity but could improve privacy compliance and security transparency.

P

Plus Hosting Grupa d.o.o.

portal.hr

43

Portal.hr is a regional news portal serving the Kaštela area and nearby cities such as Solin, Trogir, and Split in Croatia. The website provides daily news, local stories, event coverage, and community information, targeting local residents and visitors interested in regional updates. The business operates on an advertising-supported model, leveraging Google Adsense and other ad networks to monetize content. The domain is relatively new, registered in 2022, and is managed by Plus Hosting Grupa d.o.o., a Croatian hosting and domain registrar. Technically, the site is built on Joomla CMS with a modern frontend stack including Bootstrap 5, jQuery, FontAwesome, and Google Fonts. It uses Cloudflare for DNS and likely some security benefits. The site is mobile-optimized, accessible, and SEO-friendly with proper meta tags and structured navigation. Performance is moderate, with some reliance on third-party advertising and tracking scripts. From a security perspective, the site enforces HTTPS, uses CSRF tokens in forms, and includes accessibility features. However, explicit security policies, incident response contacts, and vulnerability disclosure mechanisms are absent. The presence of multiple third-party scripts increases the attack surface slightly. Privacy compliance is basic, with cookie consent mechanisms but limited GDPR-specific disclosures. Overall, Portal.hr presents a professional and trustworthy local news platform with good technical implementation and moderate security posture. Strategic improvements in privacy transparency, security policy publication, and third-party script management would enhance compliance and trustworthiness.

П

Пивара Скопје АД

polnacasa.mk

43

Pivara Skopje AD operates a digital platform at polnacasa.mk focused on age verification and content delivery related to their alcoholic beverage products. The website is bilingual, supporting Macedonian and English, and includes comprehensive privacy, cookie, and terms of service policies embedded in pop-ups. The platform collects minimal personal data (date of birth and consent) to comply with legal age restrictions for alcohol-related content. Technically, the site is built on WordPress 5.3 with common plugins for forms, sliders, and media embedding, showing moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced and input validation, but lacks advanced security headers and explicit incident response or security policies. Overall, the site is trustworthy and professionally maintained, with a clear business focus on brand engagement and regulatory compliance.