High-risk security reports

K

Kulturní středisko města Blanska

akceblansko.cz

43

The website akceblansko.cz serves as a comprehensive local event calendar for the city of Blansko in the Czech Republic, focusing on cultural, sports, and community events. It aggregates detailed event information, including dates, locations, organizers, and categories, targeting residents and visitors interested in local activities. The site is supported by local cultural institutions and event organizers, providing a valuable community resource. Technically, the site uses modern web standards with responsive design, structured data (JSON-LD), and privacy-conscious analytics (Matomo with cookies disabled). Security posture is adequate with HTTPS enforced, but lacks explicit security headers and published privacy or cookie policies, representing compliance gaps. The domain is recently registered in 2023, consistent with the upcoming event dates, and shows no suspicious WHOIS patterns. Overall, the site is professional, trustworthy, and well-positioned as a local cultural hub, but should improve privacy and security disclosures to enhance compliance and user trust.

Т

ТОВ «ЮФД» та ТОВ «Юкрейніан Фільм Дистриб`юшн»

ufd.ua

44

UFD is a Ukrainian film distribution group comprising companies ТОВ «ЮФД» and ТОВ «Юкрейніан Фільм Дистриб`юшн». They specialize in distributing American, European, and Ukrainian films across Ukraine, maintaining a solid national market position with a focus on cinema partnerships and film catalog management. Their website reflects a professional media business with a clear focus on film releases and industry news. Technically, the website uses legacy JavaScript libraries such as jQuery 1.6.1 and jQuery UI 1.8.9, alongside Google Analytics and Tag Manager for tracking. The CMS appears to be OpenCart, inferred from URL structures. The site is moderately optimized for performance and mobile use but lacks advanced accessibility features and modern frameworks. From a security perspective, HTTPS is enabled, but no advanced security headers are detected. The use of outdated JavaScript libraries introduces potential vulnerabilities. There is no visible cookie consent mechanism or detailed privacy and security policies, indicating partial compliance with GDPR and related regulations. No incident response or vulnerability disclosure information is published. Overall, the website is functional and professional but would benefit from modernization of its technical stack, enhanced security practices, and improved privacy compliance to reduce risk and increase trustworthiness.

The website legalcontentua.com is currently a parked domain with minimal content and no active business presence. It primarily serves as a placeholder with advertising scripts from Google Adsense and AdsDeli, indicating monetization attempts through domain parking. The domain was registered recently in August 2023 and uses Dynadot Inc as registrar with parkingcrew name servers. There is no meaningful business description, contact information, or interactive content available. Technically, the site uses basic JavaScript and advertising scripts but lacks HTTPS and security headers, which lowers its security posture. Privacy compliance is minimal with only a basic privacy policy accessible via a JavaScript popup and no cookie consent mechanism. Overall, the site has low trustworthiness and poor content quality, reflecting its parked status rather than an operational business.

K

Kerberos Krematorium a.s.

kerberoskrematorium.cz

45

Kerberos Krematorium a.s. is a specialized pet cremation service provider based in Prague, Czech Republic. Established as a family business in 2013, it has grown to become the longest-operating pet crematorium in the region, serving over 20,000 satisfied clients with a compassionate and individualized approach. The company offers a range of services including pet cremations, transportation, euthanasia assistance, and sales of urns and memorial items, supported by a dedicated team of seven employees. Their market position is strong within the local pet care and memorial services sector, emphasizing empathy and professionalism. Technically, the website is built on WordPress using the Astra theme and Elementor page builder, integrating modern analytics and marketing tools such as Google Analytics, Google Tag Manager, and Facebook Pixel. Hosting is provided by a Czech hosting provider, ensuring local infrastructure support. The site demonstrates good mobile optimization and SEO practices, though performance is moderate and accessibility is basic. From a security perspective, the site employs HTTPS with a good SSL configuration but lacks visible security headers and published security policies. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is limited due to the absence of explicit privacy and cookie policies, which is a notable gap given the use of tracking technologies. Contact information is clearly presented, enhancing business credibility. Overall, the website is professional and trustworthy, with a clear business focus and consistent branding. Strategic improvements in privacy compliance and security hardening would enhance the site's risk posture and user trust.

M

Mikroazyl Vlčáry z.s.

vlcary.cz

40

Mikroazyl Vlčáry z.s. is a small non-profit organization based in the Czech Republic specializing in providing shelter and rehoming services for large and giant breed dogs, particularly those with behavioral challenges. The organization is led by Rudolf Desenský, a practitioner in dog psychology, offering specialized behavioral re-education and socialization services. The website serves as an informational platform showcasing the dogs currently in care, their status, and adoption possibilities. The business model focuses on animal welfare and rehoming rather than commercial activities. Technically, the website is built using Incomedia WebSite X5 Pro CMS with jQuery, hosted by WEDOS, a Czech hosting provider. The site is moderately optimized for performance and mobile devices, with basic accessibility and SEO features. However, it lacks advanced technical security measures such as security headers and HTTPS enforcement details are not visible in the provided data. From a security perspective, the site does not implement visible security headers or privacy and cookie policies, which are important for GDPR compliance given the EU jurisdiction. No forms or data collection mechanisms were detected, reducing immediate privacy risks but also limiting user engagement options. The absence of contact information and incident response details limits transparency and user trust. Overall, the website is functional and informative with a clear business focus but requires improvements in privacy compliance, security posture, and contact transparency to enhance trustworthiness and regulatory adherence.

N

Nativia s.r.o.

kockanenipes.cz

49

Kočka není Pes is a Czech Republic based small business operating a WordPress-powered website that combines media content and e-commerce focused on pet care products and information. The company, Nativia s.r.o., founded in 2015, offers a TV series, articles, workshops, and an online shop specializing in pet food brands such as Cat’s Love, Dog’s Love, and Royal Canin. The website targets pet owners and enthusiasts primarily in the Czech market. Technically, the site uses a modern WordPress theme (Enfold) with WooCommerce for e-commerce functionality, integrates social media, and uses GoPay for payment processing. The site is mobile optimized and SEO friendly but lacks some advanced accessibility features.

M

Moracon Ltd.

vavadago.com

47

VAVADA Online Casino is a medium-sized online gambling platform founded in 2017 and operated by Moracon Ltd. It offers a wide variety of slot games and gambling services primarily targeting Russian-speaking users and international players. The platform supports multiple languages and currencies, including cryptocurrencies, and provides instant payout services. Technically, the website is built on WordPress, uses jQuery and Slick Carousel for UI components, and integrates Yandex Metrika for analytics. Mobile optimization and SEO are adequately addressed, but accessibility is basic. Security posture is moderate with some best practices like clientTransferProhibited domain status and DDoS-guard DNS servers, but lacks DNSSEC and visible security headers. WHOIS data shows a suspicious domain creation date in the future, which undermines trust. No privacy, cookie, or terms policies are found, and no contact emails or phone numbers are published, limiting transparency. Overall, the site is functional and professional but has notable gaps in compliance and security transparency.

The website www.e-atyrau.kz is currently inaccessible or inactive, as evidenced by the completely empty HTML content and the failure to retrieve any WHOIS registration data. There is no visible business information, metadata, or contact details available, which prevents any meaningful assessment of the company's operations or market position. The lack of content and registration data suggests the domain may be unregistered, expired, or blocked. From a technical perspective, the site lacks any detectable technologies, scripts, or frameworks. There is no indication of HTTPS usage or security headers, which poses a significant security risk if the site were to become active. The absence of privacy, cookie, or terms of service policies further indicates a lack of compliance with common data protection regulations. Security posture is minimal due to the lack of accessible content and security configurations. No vulnerabilities or security best practices can be assessed. The domain's legitimacy is questionable given the absence of WHOIS data and website content. Overall, the site currently presents a high risk and low trust profile. Strategic recommendations include verifying domain registration status, implementing HTTPS with proper SSL certificates, publishing essential privacy and security policies, and developing meaningful website content to establish credibility and compliance.

E

ENVIPARTNER, s.r.o.

gisella.app

49

Gisella.app is a Czech-developed mobile mapping application designed for efficient field data collection, targeting municipalities, environmental researchers, sociological researchers, and educators. The app supports multiple GIS data formats and integrates with popular platforms such as Google Drive and WEGAS, positioning itself as a niche but valuable tool in the GIS and education sectors. The website reflects a professional and consistent brand presence with good content quality and user experience. Technically, the site uses modern web technologies including Bootstrap, jQuery, Google reCAPTCHA, Hotjar, and Google Analytics, ensuring a functional and moderately performant platform. Security posture is solid with HTTPS enforced and anti-bot measures on the contact form, though it lacks explicit security headers and published security policies. Privacy compliance is limited due to missing privacy and cookie policies, which should be addressed to improve trust and regulatory adherence. Overall, the domain registration aligns well with the business claims, enhancing legitimacy. Strategic improvements in privacy documentation, security headers, and incident response transparency would elevate the site's security and compliance maturity.

E

ENVIPARTNER, s.r.o.

wegas.cz

48

ENVIPARTNER, s.r.o. operates the WEGAS platform, a Czech GIS web portal tailored for municipalities to manage and share spatial data online. The platform offers modular GIS solutions, including a mobile data collection app, and targets local governments with a SaaS business model featuring a free trial and usage-based pricing. The website is professionally designed, mobile-optimized, and uses modern web technologies such as WordPress, Bootstrap, and Leaflet.js. Security posture is good with HTTPS and some best practices, though improvements are recommended in security headers and formal policies. The domain registration is consistent with the business entity and country, supporting legitimacy. Overall, the site is trustworthy, content-rich, and well-positioned in its niche market.

O

Obec Želešice

zelesice.eu

46

The website www.zelesice.eu serves as the official online presence of the municipal government of Želešice, a small village in the Czech Republic. It provides residents and visitors with comprehensive information about local government services, public notices, news, events, and contact details. The site includes features such as a virtual tour, waste collection schedules, and a calendar of community events, reflecting a focus on community engagement and transparency. The presence of official contact information and social media links enhances accessibility and trust. Technically, the website is built on a modern stack including Bootstrap 5, jQuery, and various JavaScript libraries for UI enhancements like carousels and calendars. The site is mobile-optimized and demonstrates good accessibility and SEO practices. However, there is no visible implementation of advanced security headers, and no security.txt or incident response information is provided, indicating room for improvement in security posture. Security-wise, the site uses HTTPS, which is mandatory for trust and data protection. The lack of WHOIS data is due to EURid's privacy policies for .eu domains, which is common and justified for this type of entity. No vulnerabilities or exposed sensitive data were detected in the HTML content. Privacy and cookie policies exist but lack active consent mechanisms. Overall, the site maintains a good balance of usability and security for a local government portal. The overall risk assessment is low, with recommendations to enhance security headers, implement cookie consent mechanisms, and provide clear incident response contacts to further strengthen trust and compliance. The domain registration appears legitimate and consistent with the website's purpose, supporting the site's credibility.

O

Obec Troubsko

troubsko.cz

46

Obec Troubsko operates as the official municipal government website for the village of Troubsko in the Czech Republic. It serves local residents and visitors by providing comprehensive information about municipal services, cultural events, local history, and public notices. The website is positioned as a trusted source for community engagement and administrative communication. Technically, the site is built on TYPO3 CMS, leveraging modern web technologies such as jQuery and Slick Carousel for interactive content. The site is mobile-optimized and presents a professional design with clear navigation. Security posture is moderate; HTTPS is implied but no explicit security headers were detected, and privacy compliance is minimal due to the absence of privacy and cookie policies. The WHOIS data is unavailable, which limits domain trust verification, but the website content and structure align with a legitimate municipal entity. Overall, the site is safe, reliable, and serves its intended audience effectively.

Obec Prace is the official website of the municipality of Prace in the Czech Republic, providing residents and visitors with comprehensive local government information, including news, events, official documents, and contact details. The site serves as a public service platform with a focus on community engagement and transparency. The website is well-branded with consistent municipal imagery and offers accessible content primarily in Czech. Technically, the site uses a combination of jQuery, Bootstrap, Swiper.js, and other JavaScript libraries, and is built on the Munipolis platform, which is common for municipal websites in the region. The site is mobile-friendly and includes accessibility certifications, enhancing usability for a broad audience. Security-wise, the site uses HTTPS and implements cookie consent mechanisms but lacks visible advanced security headers or explicit incident response policies. The absence of WHOIS data limits domain trust assessment, but the official nature and content quality support legitimacy. Overall, the website is a reliable and professional municipal portal with moderate technical sophistication and good privacy compliance.

The website ponetovice.eu is currently inaccessible, returning a 403 Forbidden error page with no visible content or metadata. This prevents any meaningful analysis of the business, services, or security posture. The domain is registered with WEDOS Internet, a reputable Czech hosting provider, indicating legitimate registration but no further business information is available. The lack of accessible content, contact details, or policies suggests the site may be under maintenance, restricted, or misconfigured. From a technical perspective, no technologies, scripts, or security headers are detectable, and no SSL configuration details are available. The security posture is therefore unknown but likely poor due to lack of visible protections. Overall, the site presents a high risk due to inaccessibility and lack of transparency.

O

Obec Kobylnice

kobylnice.cz

38

Obec Kobylnice operates an official municipal website serving the local community in the Czech Republic. The site provides residents and visitors with information about local government services, news, cultural events, and contact details. The business model is focused on public service and community engagement, positioning the municipality as a trusted local authority. Technically, the website uses a combination of Bootstrap 3, jQuery, and Fancybox, with a custom or unknown CMS platform. The site is mobile responsive and moderately optimized for performance and accessibility. Security posture is basic with HTTPS enabled but lacking important security headers and privacy compliance mechanisms such as cookie consent. WHOIS data is unavailable, which slightly reduces trust but the official branding and content support legitimacy. Overall, the website is functional and professional but could improve in security and privacy compliance.

M

Mcompanies Investmen

mcompaniesinvestment.com

45

The website 'mcompaniesinvestment.com' appears to be a minimal informational site built on the Wix platform, with very limited business content and no detailed description of services or company background. The site lacks essential business credibility elements such as contact information, privacy policies, and terms of service. Technically, the site uses Wix's standard hosting and scripts, with basic mobile optimization and moderate performance. Security posture is weak due to the absence of security headers and lack of incident response or security policy information. The domain WHOIS data is missing, which raises concerns about the legitimacy and registration status of the domain. Overall, the site presents a low trust profile and requires significant improvements in business transparency, security, and compliance to be considered credible.

A

AED Cluster Portugal

aedportugal.pt

46

AED Cluster Portugal is a professional cluster organization representing over 150 Portuguese entities in the aeronautics, space, and defence sectors. The cluster facilitates collaboration among companies, institutes, and academia to promote growth and innovation within these industries. The website reflects a well-established market position as a leading cluster in Portugal, offering services such as networking, project promotion, and career opportunities. Technically, the website is built on WordPress with modern libraries and SEO optimizations, providing a good user experience and mobile responsiveness. Security posture is solid with HTTPS and reCAPTCHA usage, though it lacks explicit security headers and formal security policies. Privacy compliance is limited due to the absence of visible privacy and cookie policies. Overall, the site is trustworthy and professional, with room for improvement in privacy and security transparency.

S

Státní fond dopravní infrastruktury (SFDI)

ceskobezbarier.cz

43

The website 'Česko bez bariér' is operated by the Státní fond dopravní infrastruktury (SFDI), a Czech government fund focused on financing projects that remove barriers in public spaces to improve accessibility and safety. The site provides information about funding programs, supported projects, and consultation services for municipalities and other entities. The content is professionally presented, with clear navigation and a focus on public infrastructure improvements. Technically, the site uses a combination of legacy and modern web technologies including jQuery, Bootstrap, and Owl Carousel, with Google Analytics integrated for visitor tracking. Security posture is adequate with HTTPS enforced and a cookie consent mechanism implemented, though some improvements are recommended such as updating libraries and adding security headers. The absence of WHOIS data limits domain registration trust analysis, but the website's consistent government branding and contact details support its legitimacy. Overall, the site is a reliable resource for its target audience, though privacy policy documentation and enhanced security practices would strengthen compliance and trust.

E

Exattosoft LLP

exattosoft.com

48

Exattosoft LLP operates a SaaS platform focused on rapid business website creation, targeting small to medium businesses primarily in India. The platform offers a wide range of features including unlimited pages, galleries, SEO, social integration, and hosting services, with transparent tiered pricing plans. The company has a solid market position as a provider of fast, reliable, and feature-rich website solutions, supported by clear contact information and social media presence. Technically, the website employs modern web technologies such as HTML5, CSS3, JavaScript, jQuery, and the Materialize framework. Hosting and DNS services leverage Cloudflare, enhancing performance and reliability. The site is mobile optimized and includes Google Analytics and Tag Manager for user tracking, though lacks a cookie consent mechanism. From a security perspective, the site uses HTTPS and has domain transfer protections, but lacks DNSSEC and important security headers like CSP and HSTS. There is no published security policy or incident response contact, which limits transparency. The absence of cookie consent and some security best practices reduces privacy compliance. Overall, the website is professional and functional with good business credibility but could improve its security posture and privacy compliance to better protect users and build trust.

M

Městské muzeum Rýmařov

muzeumrymarov.cz

42

Městské muzeum Rýmařov is a small regional museum in the Czech Republic dedicated to preserving and presenting the history and culture of the Rýmařov region. The museum offers exhibitions, educational programs, and digital experiences such as 3D virtual tours. It operates as a non-profit cultural institution supported by the city and various partners. The website is built on Joomla CMS with a modern Helix Ultimate template and includes integrations like Google Analytics for visitor tracking. While the site is well-structured and content-rich, it lacks some privacy and security policy disclosures and cookie consent mechanisms. The absence of WHOIS data for the domain raises some concerns about domain registration transparency, although the website content and partner affiliations suggest legitimacy.

S

Sdružení obcí Rýmařovska - svazek obcí

rymarovsko.cz

41

The website www.rymarovsko.cz represents the official online presence of the Sdružení obcí Rýmařovska, a regional municipal association in the Czech Republic focused on tourism and community cooperation. It provides information about the region, its municipalities, and tourism opportunities, serving residents and visitors alike. The site is built on Joomla CMS with a Helix3 framework, utilizing common web technologies such as jQuery and Bootstrap. Google Analytics is employed for visitor tracking, but no visible cookie consent or privacy policies are present, indicating gaps in privacy compliance. From a security perspective, the site uses HTTPS and does not expose sensitive data or vulnerable libraries. However, it lacks important security headers and formal security policies such as incident response or vulnerability disclosure mechanisms. The absence of WHOIS data for the domain is a notable concern, reducing trustworthiness despite the legitimate and professional appearance of the website content. Overall, the site is functional, informative, and professionally presented but would benefit from enhanced privacy compliance, security hardening, and domain registration transparency to improve trust and regulatory adherence.

Productio is a small Czech-based company specializing in a flexible integration platform tailored for manufacturing and service operations. Their platform focuses on process monitoring, planning, and data utilization to improve operational efficiency and reduce risks associated with system integration gaps. The company offers cloud and on-premise deployment options with a subscription-based business model emphasizing personalized support and rapid customization. The website is professionally designed, featuring detailed case studies with reputable clients, which enhances its credibility. Technically, the website runs on WordPress with modern plugins and Google analytics tools integrated. The platform uses Microsoft technologies for its core solutions, indicating a mature technical infrastructure. The site is mobile-optimized and SEO-friendly but lacks some advanced accessibility features. Performance is moderate, and hosting appears to be with WEDOS, consistent with the domain registrar data. From a security perspective, the site uses HTTPS and avoids exposing sensitive data but lacks visible security headers and published security or incident response policies. No cookie consent mechanism or privacy policy is present, which is a compliance gap under GDPR. The domain registration is recent but consistent with the company's founding date and business claims, with no suspicious WHOIS patterns detected. Overall, Productio presents a trustworthy and professional digital presence with room for improvement in privacy compliance and security best practices. Strategic enhancements in these areas would strengthen their market position and customer trust.

O

Osigeno - veřejné zakázky a dotace s.r.o.

osigeno.cz

40

Osigeno - veřejné zakázky a dotace s.r.o. is a Czech Republic based company specializing in comprehensive services related to public procurement and subsidies. Established in 2010, the company offers a certified electronic tender tool named CENT, alongside consultancy, administration of public tenders, and training seminars. Their client base includes various municipalities and public sector entities, supported by visible client logos linking to official procurement profiles. The website is professionally designed using WordPress and the Divi builder, with moderate performance and good mobile optimization. However, it lacks explicit privacy and cookie policies, and security headers are not detected, which are areas for improvement.

S

Starflix

starflix.lv

42

Starflix is a Riga-based digital marketing agency specializing in web hosting, website development, e-commerce solutions, and digital marketing services. Established in 2014, it positions itself as a leading handmade web developer and digital marketing executor in Latvia with a broad client base. The company offers tailored solutions to help businesses succeed online, including consultation days and web design courses, indicating a focus on client education and engagement. Technically, the website is built on WordPress with common plugins like Visual Composer and LayerSlider, and integrates Facebook Pixel for marketing analytics. The site is well-designed, mobile-optimized, and provides clear navigation, although it lacks explicit cookie consent mechanisms and detailed security policies. Security posture is moderate with HTTPS enabled but missing advanced security headers and incident response information. Overall, the domain registration data aligns well with the business claims, supporting legitimacy. Strategic recommendations include enhancing privacy compliance, implementing security headers, and publishing security policies to improve trust and compliance.

L

Lukáš Churý

lukaschury.cz

46

Lukáš Churý's website serves as a personal portfolio and project showcase highlighting his expertise in project management, programming, graphic design, and education. The site presents a well-established personal brand with multiple successful projects primarily in technology and media sectors, targeting a general audience interested in these fields. The domain age and WHOIS data align well with the business history, reinforcing legitimacy. Technically, the website uses a simple but effective tech stack including jQuery and custom JavaScript, hosted on a Czech hosting provider. The site is mobile-optimized and SEO-friendly but lacks advanced frameworks or CMS. Performance is moderate with good design and navigation clarity. From a security perspective, the site lacks visible security headers and privacy compliance documents such as privacy or cookie policies. No forms collect sensitive data, reducing immediate risk, but the absence of GDPR compliance indicators and vulnerability disclosure mechanisms suggests room for improvement. Overall, the website is trustworthy and professional but would benefit from enhanced privacy and security practices to improve compliance and user trust.

Muzeum Tupeské keramiky is a small local museum located in Tupesy, Czech Republic, dedicated to the history and production of traditional and modern majolica ceramics. The museum offers exhibitions, workshops, school excursions, and a retail shop selling local ceramic products. The website provides basic information about the museum's offerings and cultural significance but lacks detailed contact information and formal privacy or security policies. Technically, the site uses older web technologies such as jQuery 1.x loaded over HTTP, which introduces mixed content risks. There is no evidence of HTTPS enforcement or modern security headers, which impacts the overall security posture. The absence of WHOIS data for the domain reduces trust in domain legitimacy, although the website content appears genuine and focused on cultural heritage. Overall, the site serves its informational purpose but requires improvements in security, privacy compliance, and technical modernization.

A

Areál Kukla

arealkukla.cz

38

Areál Kukla is a Czech event venue specializing in providing multifunctional spaces for corporate training, meetings, teambuilding, and social events. The website targets local businesses and organizations near Brno, offering flexible and versatile event spaces including an atrium and unique facilities such as a former mining tower. The business model centers on venue rental and event hosting services. Technically, the website is built on an outdated WordPress 4.8.25 platform using legacy jQuery versions, which introduces security risks. Google Analytics and Tag Manager are used for visitor tracking, but no privacy or cookie policies are present, indicating poor compliance with GDPR standards. Security posture is moderate with HTTPS enabled but lacking security headers and using vulnerable libraries. The absence of WHOIS data raises concerns about domain legitimacy and trustworthiness. Overall, the site provides relevant content but requires significant improvements in security, compliance, and technical modernization.

The website www.carezone.cz currently presents only minimal content, consisting solely of the domain name text with no additional information, metadata, or interactive elements. The absence of WHOIS registration data suggests that the domain may not be properly registered or is inactive, which severely limits the ability to assess the business or its legitimacy. Technically, the site lacks HTTPS, security headers, and any modern web technologies, indicating a very low level of digital maturity and security posture. There are no privacy or cookie policies, no contact information, and no evidence of compliance with GDPR or other regulations. Overall, the site appears to be either under construction, abandoned, or improperly configured, resulting in a very low trust and security rating.

E

eViz s.r.o.

penziony.cz

47

Penziony.cz is an established Czech online platform specializing in affordable accommodation listings including pensions, hotels, apartments, and cottages. Operated by eViz s.r.o., it targets travelers seeking budget-friendly lodging options across the Czech Republic. The website offers extensive listings with direct contact details to properties, facilitating user bookings and searches. Technically, the site is built on WordPress using the WP Rentals theme, integrating modern JavaScript libraries such as jQuery, Bootstrap, Algolia Places, and Mapy.cz APIs for enhanced user experience and search functionality. Security-wise, the site employs HTTPS and nonce tokens for form submissions, indicating a baseline security posture; however, it lacks comprehensive security headers and explicit incident response policies. Privacy compliance is partial, with a privacy policy present but no visible cookie consent mechanism, which may pose GDPR compliance risks. The absence of WHOIS data limits domain trust assessment, but the website content and business information appear professional and trustworthy. Overall, Penziony.cz presents a solid digital presence in the hospitality sector with room for improvement in privacy and security transparency.

S

Služby Boskovice, s.r.o.

boskovickestezky.cz

30

Boskovické stezky is a local sport and recreational facility based in Boskovice, Czech Republic, operated by Služby Boskovice, s.r.o. The website provides comprehensive information about the Boskovice trails, sportpark services, events, accommodation, and regional attractions. The target audience includes local residents and tourists interested in outdoor activities such as cycling and trail sports. The business operates primarily as a service provider for recreational activities with a focus on community engagement and regional tourism. Technically, the website uses a combination of jQuery and specialized map APIs from Mapy.cz to deliver interactive content. The site is moderately optimized for mobile devices and offers a good user experience with clear navigation and relevant content. However, the site lacks HTTPS, which is a significant security shortfall. There are no detected privacy or cookie policies, and no advanced security headers are implemented, which impacts the overall security posture. From a security perspective, the absence of HTTPS and security headers, combined with no visible incident response or vulnerability disclosure information, indicates a low to moderate security maturity level. The WHOIS data is unavailable, which raises concerns about domain registration legitimacy and trustworthiness. Despite these issues, the website content is safe, professional, and focused on general audience recreational services. Overall, the site is functional and informative but requires urgent improvements in security and privacy compliance to enhance trust and protect user data. Verification of domain registration and implementation of HTTPS are critical to improving the website's credibility and security posture.

Česká alzheimerovská společnost, o.p.s. (ČALS) is a Czech non-profit organization established in 1997 dedicated to supporting people with dementia and their caregivers. The organization offers educational programs, certification, publications, and events to raise awareness and provide assistance. The website reflects a professional and consistent brand presence targeting patients, families, healthcare professionals, and donors. Technically, the site is built on Vizus CMS, uses Google Analytics for traffic measurement, and implements a cookie consent mechanism with granular controls. However, the absence of a privacy policy and terms of service pages, as well as missing WHOIS data, slightly reduce trustworthiness from a compliance and domain legitimacy perspective. Security posture is moderate with HTTPS enabled but lacking security headers and incident response information. Overall, the site is well-designed, accessible, and content-rich, serving its non-profit mission effectively.

VE-IT market, s.r.o. is a Czech Republic based small business specializing in internet marketing services, including web presentations, marketing support, video production, and PPC campaign management. The company targets local businesses and individuals seeking to enhance their online presence and marketing effectiveness. The website is built on WordPress and integrates common marketing tools such as Google Analytics and Adsense. The technical infrastructure is moderate with a dated WordPress version and basic SEO optimizations. Security posture is adequate with HTTPS enabled but lacks advanced security headers and up-to-date software versions. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the website presents a professional image but requires improvements in security and compliance to enhance trust and reduce risk.

OSEL.CZ is a well-established Czech electronic magazine focused on popularizing science and research, operating since 2002. The website offers a broad range of science articles covering topics such as physics, biology, genetics, and general scientific curiosities, targeting a general audience interested in science and society. The business model relies on advertising revenue, primarily through Google Adsense, and community support. The site maintains a consistent brand presence with active content updates and author attributions, enhancing its credibility in the Czech media landscape. Technically, the website uses a mix of older and modern web technologies including jQuery 1.8.2, Google Fonts, Google Analytics, and Facebook SDK. While the site is mobile-optimized and has a good user experience, some outdated libraries present potential security risks. The hosting and domain registration are consistent and long-standing, indicating a stable infrastructure. Security posture is moderate with HTTPS enabled and cookie consent implemented, but lacks advanced security headers such as Content Security Policy. No explicit security or incident response policies are published. Privacy compliance is basic with a privacy policy and cookie banner present, but no terms of service or vulnerability disclosure. Overall, the site is trustworthy but could improve security and compliance documentation. The overall risk is low to moderate. Strategic recommendations include updating outdated libraries, implementing stronger security headers, publishing security and incident response policies, and enhancing privacy compliance documentation to align with GDPR and best practices.

N

nevajgluj.cz |

nevajgluj.cz

46

The website nevajgluj.cz is a small-scale, relatively new website registered in 2022 under the Active24 registrar, hosted on servers with websupport.cz name servers. The site uses WordPress CMS with the Divi theme and loads Google Fonts for typography. The content is minimal and primarily technical, with no visible business descriptions, contact information, or detailed service offerings. The cookie policy is present with a consent mechanism, but no privacy policy or terms of service were found. No security headers or advanced security policies are detected, indicating a basic security posture. The site does not appear to use analytics or tracking services, and no social media or contact details are provided. Overall, the website appears to be in an early stage or possibly a personal or small business site with limited digital maturity and security measures.

Z

Internetové knihkupectví, prodej Audioknih ke stažení, více než 70.000 titulů skladem! | Záložka.cz

zalozka.cz

44

Záložka.cz is an established Czech online bookstore offering a wide range of over 70,000 titles including physical books, audiobooks, and e-books. The website targets general consumers interested in literature and educational materials, supported by a network of over 3,500 pickup points. Technically, the site employs a modern frontend stack with Bootstrap, Font Awesome, and Google Fonts, alongside multiple analytics and tracking tools such as Google Analytics, Microsoft Clarity, Facebook Pixel, and Smartlook. The site is served over HTTPS, ensuring encrypted communication, but lacks visible advanced security headers and explicit privacy or cookie policies, which are important for compliance and user trust. The absence of WHOIS data limits the ability to fully verify domain legitimacy, though the website content and structure suggest a legitimate retail business. Overall, the site provides a good user experience with clear navigation and a professional design, but improvements in privacy compliance and security posture are recommended.

K

KávaNaKlik.cz

kavanaklik.cz

48

KávaNaKlik.cz is a Czech Republic-based e-commerce website specializing in the sale of coffee and tea products. The site offers a curated selection of over 100 types of coffee and teas, providing customers with personalized coffee selection advice and home delivery services. The business model focuses on direct online retail to general consumers interested in specialty coffee and tea. The website presents a professional and consistent brand image with good content quality and user experience.

WebDesign Beroun is a small Czech Republic-based web design and development service provider specializing in creating new websites, redesigning existing ones, and programming custom online applications such as e-shops and portals. The company emphasizes design quality, usability, and ongoing content management, with a business history dating back to 1999. The website is professionally designed with clear navigation and integrates common web technologies including jQuery, Bootstrap, and Google Analytics. However, the absence of WHOIS registration data and privacy/cookie policies indicates areas for improvement in transparency and compliance. Security posture is moderate with HTTPS enabled but lacking security headers and formal policies. Overall, the website is safe, business-focused, and accessible without WAF or blocking mechanisms.

E

ePreselec by InfoJobs

epreselec.com

47

ePreselec by InfoJobs is a Spanish-based recruitment process management software provider offering an applicant tracking system designed to streamline and centralize candidate management. The company operates under the InfoJobs brand, indicating a strong market position within the recruitment technology sector in Spain. Their business model is SaaS-focused, targeting recruiters and HR professionals seeking efficient hiring solutions. The website reflects a professional and consistent brand image with good content quality and user experience. Technically, the site is built on WordPress with modern plugins and integrates advanced marketing and analytics tools such as Google Tag Manager and Segment Analytics. Security posture is solid with HTTPS enforced and domain locking, though DNSSEC is not enabled and no explicit security or incident response policies are published. Privacy compliance is well addressed with a comprehensive cookie policy and consent mechanism via Didomi, aligning with GDPR requirements. Overall, the site demonstrates a mature digital presence with room for improvement in explicit security disclosures and DNS security.

T

Tomáš – platforma pro budoucnost podnikání

to-mas.cz

42

The website to-mas.cz is a newly launched business platform (established in 2023) aimed at helping entrepreneurs and business owners advance their ventures. It offers services such as a contact database, free online courses, and a grant search engine. The platform is built using modern web technologies including Nuxt.js and Bootstrap, and integrates Google Tag Manager for analytics purposes. The site demonstrates good design quality, mobile optimization, and clear navigation, making it user-friendly for its target audience. However, it lacks visible privacy and cookie policies, contact information, and explicit security policies, which are critical for compliance and trust. The domain registration is consistent and legitimate, matching the hosting provider Active24, indicating a credible business launch. Overall, the website shows promise but requires improvements in privacy compliance and security posture to enhance trust and regulatory adherence.

深圳市达妙科技有限公司是一家成立于2019年的中国科技公司，专注于智能电机及驱动解决方案，产品广泛应用于机器人及自动化领域。公司提供多款关节电机、轮毂电机及开发套件，面向机器人制造商和科技竞赛团队，拥有一定的市场认可度。技术基础包括使用主流前端库和自建CMS，网站设计专业且移动优化良好。安全方面，网站缺乏HTTPS支持和安全头，且未发现隐私政策或安全事件响应机制，存在一定安全风险。WHOIS信息缺失，域名注册状态不明，影响整体信任度。建议尽快部署HTTPS，完善隐私合规和安全策略，提升整体安全与合规水平。

S

shen zhen shi gong zhi yi ke ji you xian gong si

evercraft.co

44

EverCraft is a Chinese technology company specializing in engineering productivity tools, including version control software and online CAD visualization platforms. The company targets engineers and professionals requiring efficient file history management and CAD collaboration tools. Their product suite includes 追光Lite for file versioning, 追光看图 for CAD viewing and annotation, and 分形三维 for 3D CAD visualization. The company operates primarily in China, with hosting and domain registration consistent with local regulations and ICP licensing. Technically, the website is built using modern web technologies such as React and Next.js, hosted on Alibaba Cloud. The site is mobile-optimized and performs moderately well, though accessibility and SEO optimizations are basic. The site uses Baidu Analytics for user tracking but lacks visible cookie consent mechanisms or privacy policies, indicating room for improvement in privacy compliance. From a security perspective, the site uses HTTPS but lacks important security headers and DNSSEC is not enabled. No forms or sensitive data collection points were detected on the homepage, reducing immediate risk. However, the absence of published security policies, incident response contacts, and vulnerability disclosure mechanisms suggests a low maturity in security governance. Overall, the website is professional and trustworthy within its niche but would benefit from enhanced privacy compliance, security hardening, and clearer contact information to improve user trust and regulatory adherence.

F

FitRuha.hu

fitruha.hu

48

FitRuha.hu is a specialized e-commerce retailer focused on fitness apparel, offering a curated selection of well-known brands such as NEBBIA, MOTIVATED, ADIDAS, and others. The website targets fitness enthusiasts primarily in Hungary and nearby regions, providing fast delivery and customer-friendly policies including free returns. The business operates since 2015, positioning itself as a niche player in the fitness clothing market with a consistent brand presence and clear contact channels. Technically, the website employs a modern tech stack including jQuery, Google Tag Manager, Facebook Pixel, and other marketing and analytics tools. It uses a proprietary or custom CMS platform (Shopion.cz) and demonstrates good mobile optimization and SEO practices. Performance is moderate with room for improvement in accessibility features. From a security perspective, the site enforces HTTPS and includes CSRF tokens in forms, alongside a comprehensive cookie consent mechanism compliant with GDPR. However, security headers like Content-Security-Policy and X-Frame-Options are not explicitly detected, suggesting potential areas for enhancement. No vulnerabilities or exposed sensitive data were found. Overall, the website presents a low-risk profile with strong privacy compliance and business credibility. Strategic recommendations include improving security headers, enhancing accessibility, and considering a formal vulnerability disclosure policy to further strengthen security posture.

The website www.blansko.eu serves as the official municipal and tourism portal for the town of Blansko in the Czech Republic. It provides visitors with information about local attractions, cultural sites, accommodation, and services, positioning itself as a gateway to the Moravian Karst region. The site targets tourists, families, and visitors interested in natural and historical sites, offering a well-structured and content-rich experience. The business model is focused on municipal information dissemination and tourism promotion, with a clear regional government affiliation. Technically, the website uses a combination of jQuery libraries, Google Tag Manager, and third-party APIs such as Mapy.cz for mapping services. The site includes a cookie consent mechanism compliant with GDPR requirements, although no explicit privacy policy or terms of service pages were found. The technical implementation is moderate with room for improvement in mobile optimization and accessibility. From a security perspective, the site lacks visible security headers and advanced configurations such as CSP or HSTS. HTTPS usage is assumed but not explicitly confirmed in the provided data. The absence of WHOIS data is due to EURid privacy policies and does not indicate suspicious activity. Overall, the security posture is average with recommendations to enhance header security and incident response readiness. The overall risk assessment is low to moderate, with the site appearing legitimate and professionally maintained. Strategic recommendations include implementing comprehensive privacy and security policies, improving technical security measures, and enhancing mobile and accessibility features to strengthen trust and compliance.

S

Sdružení Krajina

stopavkrajine.cz

45

Sdružení Krajina is a Czech non-profit organization dedicated to nature conservation and landscape management. Their website showcases various projects such as mowing wet meadows, restoring natural watercourses, and educational initiatives. The organization engages volunteers and local communities to preserve natural habitats. Technically, the website uses modern web technologies including Google Tag Manager, reCAPTCHA v3, Leaflet maps, and is likely powered by Perch CMS. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Security-wise, HTTPS is used and reCAPTCHA protects forms, but explicit security headers and privacy policies are missing, indicating room for improvement. WHOIS data is unavailable, likely due to privacy protection, which is common for non-profits. Overall, the website is legitimate, informative, and safe, but could enhance compliance and security transparency.