High-risk security reports

Š

Škola kreativní fotografie s.r.o.

nauctesefotit.cz

44

Škola kreativní fotografie s.r.o. is a private photography school based in Prague, Czech Republic, offering a variety of photography courses, workshops, and certification programs primarily targeting photography enthusiasts and students preparing for art schools. The website is professionally designed using WordPress with modern plugins and technologies such as Yoast SEO and Google reCAPTCHA, ensuring a secure and user-friendly experience. However, the absence of WHOIS data and privacy/cookie policies indicates areas for improvement in transparency and compliance. The site demonstrates good security posture with HTTPS and form protections but lacks some security headers and formal privacy documentation. Overall, the business appears legitimate and well-established with a strong local presence and partnerships, though domain registration details should be clarified to enhance trust.

H

HESTIA

hest.cz

45

HESTIA is a Czech non-profit organization established in 2001, specializing in volunteer services, coordination, and educational programs. The website presents a well-structured platform offering multiple volunteer programs, corporate volunteering initiatives, and training courses. It targets volunteers, non-profit organizations, companies interested in corporate social responsibility, donors, and media. The organization maintains partnerships with government bodies and foundations, enhancing its credibility and market position within the Czech Republic's volunteer sector. Technically, the website uses a custom CMS (Toolkit) hosted by ECN Studio, with integration of Google Analytics and Google Tag Manager for visitor tracking. The site is mobile-optimized with good navigation and content quality. However, some technical improvements are recommended, including the implementation of security headers and enhanced accessibility features. From a security perspective, the site uses HTTPS (implied by external Google Analytics scripts loaded over HTTPS), has a cookie consent mechanism compliant with GDPR, and does not expose sensitive data. There is no visible security or incident response policy, and no contact emails or phone numbers are provided on the homepage, which could be improved for transparency and user trust. Overall, the website is professional, trustworthy, and serves its non-profit mission effectively. Strategic recommendations include enhancing security headers, publishing explicit security and incident response policies, and providing clearer contact information to improve user confidence and compliance posture.

E

ekolo.cz s.r.o.

ekolo.cz

47

Ekolo.cz s.r.o. operates a leading Czech e-commerce and physical retail platform specializing in electric bicycles and related accessories. Established in 2007, the company has built a strong market position with over 18 years of experience, offering a wide range of products including over 700 e-bike variants from 16 manufacturers. Their services include sales, rental, and servicing of e-bikes, targeting cycling enthusiasts and urban commuters primarily in the Czech Republic. The website is professionally designed, mobile-optimized, and provides clear navigation and comprehensive product information. Technically, the site leverages modern JavaScript libraries such as Swiper.js, Google Tag Manager, and integrates security features like Google reCAPTCHA to protect user interactions. Hosting is inferred to be on DigitalOcean with CDN support for performance. Security posture is strong with HTTPS enforced and secure form handling, though some HTTP security headers could be improved. Privacy compliance is well addressed with clear privacy and cookie policies, GDPR adherence, and consent mechanisms. Contact information is transparent and includes multiple channels. Overall, the site demonstrates high professionalism, trustworthiness, and digital maturity.

M

Městská část Praha 4

praha4.cz

45

Městská část Praha 4 operates as the official municipal government website for the Prague 4 district in the Czech Republic. It provides residents and visitors with comprehensive information on local government services, news, events, and public resources. The site targets local citizens and stakeholders, offering key services such as online forms, contact directories, event calendars, and public announcements. The website is well-positioned as a trusted source of municipal information with a consistent brand and clear communication channels including social media integration. Technically, the website is built on legacy ASP.NET WebForms technology with Telerik UI components and uses older versions of jQuery. It employs security scripts like Barracuda and FingerprintJS for visitor identification and basic protection. Hosting and domain registration are managed by Active24, a reputable provider. Performance and mobile optimization are moderate, with room for modernization and improved accessibility. From a security perspective, the site enforces HTTPS and includes cookie consent mechanisms, but lacks modern security headers such as CSP and X-Frame-Options. The use of outdated JavaScript libraries presents potential vulnerabilities. No explicit security or incident response policies are published. Overall, the security posture is adequate but could benefit from updates and enhanced controls. The domain WHOIS data is consistent with the website's municipal nature, showing a long-established registration since 1998 without privacy protection, reinforcing legitimacy. No suspicious or malicious content was detected, and the site is safe for general audiences. Strategic recommendations include updating technical components, enhancing security headers, and improving privacy and accessibility compliance to strengthen trust and resilience.

O

Open House Europe

openhouseeurope.org

47

Open House Europe is a non-profit cultural organization founded in 2023 and coordinated by the Public institution Architektūros fondas in Lithuania. It operates a network of architecture festivals across Europe, focusing on themes such as sustainability, accessibility, inclusion, and future heritage. The organization engages the public through events, volunteer programs, and annual summits, supported by European cultural funding and media partnerships. The website reflects a professional and consistent brand presence with rich content targeting architecture enthusiasts and the general public interested in urban heritage. Technically, the website is built on WordPress with modern technologies including Bootstrap, jQuery, and Lottie animations. It uses Yoast SEO for optimization and integrates Google Analytics and MailerLite for marketing and analytics. The site is mobile-optimized and performs moderately well, with good SEO and accessibility basics. From a security perspective, the site uses HTTPS with a valid SSL certificate and employs secure form handling with nonce tokens. However, DNSSEC is not enabled, and security headers are not explicitly detected. There is no visible security or incident response policy, and no cookie consent mechanism is implemented, which may impact GDPR compliance. The WHOIS data is consistent with the organization's claims, showing a legitimate and recently registered domain. Overall, the website presents a low-risk profile with strong business credibility and good technical implementation but could improve in privacy compliance and security best practices to enhance trust and regulatory adherence.

D

DRUŠTVO CRVENOG KRIŽA ZAGREBAČKE ŽUPANIJE

dck-zagrebacka-zupanija.hr

45

The website represents the Croatian Red Cross Society of Zagreb County, a regional non-profit organization dedicated to humanitarian aid, blood donation, and volunteering. It serves the general public in Zagreb County and provides information and services aligned with the Red Cross mission. The site is built on a WordPress platform using modern themes and plugins, including Elementor and Modern Events Calendar Lite, indicating a moderate level of digital maturity. Accessibility features and GDPR-compliant cookie consent mechanisms are implemented, reflecting attention to user experience and privacy. Security posture is good with HTTPS enabled and no visible vulnerabilities, though some security headers could be improved. Overall, the site is trustworthy and professionally maintained, with clear branding and consistent content.

D

Društvo Crvenog križa Varaždinske županije

dck-vz.hr

44

Društvo Crvenog križa Varaždinske županije is a regional branch of the Croatian Red Cross, providing humanitarian aid, first aid training, blood donation campaigns, and volunteer coordination primarily for the Varaždin County community. The website is built on WordPress with common plugins such as Yoast SEO and Contact Form 7, featuring a modern design and good mobile responsiveness. Security posture is solid with HTTPS enforced and Google reCAPTCHA protecting forms, though additional HTTP security headers could improve defenses. Privacy compliance is evident with a cookie consent banner and a privacy policy page aligned with GDPR requirements. Contact information including emails, phone, and physical address is clearly presented, enhancing business credibility.

H

Hrvatski Crveni križ Društvo Crvenog križa Osječko-baranjske županije

dckobz.hr

48

Hrvatski Crveni križ Društvo Crvenog križa Osječko-baranjske županije is a regional humanitarian non-profit organization operating in Croatia's Osječko-baranjska županija. The organization focuses on community support, youth engagement, first aid training, disaster response, blood donation, and social welfare activities. Their website reflects a well-structured and content-rich platform that communicates their mission, projects, and news effectively to the general public and stakeholders. The organization maintains a consistent brand presence and provides multiple contact channels including email, phone, and a contact form, supported by active social media profiles.

H

Hrvatski Crveni križ - Gradsko društvo Crvenog križa Čakovec

crveni-kriz-cakovec.hr

45

The website www.crveni-kriz-cakovec.hr represents the Gradsko društvo Crvenog križa Čakovec, a local branch of the Croatian Red Cross. It provides humanitarian services including blood donation campaigns, volunteer coordination, social and health programs, and emergency response. The organization is well-established with a domain registered since 2009 and operates primarily in Croatia. The website targets the general public, volunteers, and vulnerable groups within the region. Technically, the site is built on WordPress with a modern plugin ecosystem, including accessibility and cookie consent tools, ensuring compliance with GDPR and accessibility standards. Security posture is good with HTTPS enforced and cookie consent mechanisms, though additional security headers could enhance protection. The site uses Google Analytics for user tracking with moderate privacy compliance. Overall, the website is professional, trustworthy, and serves as a reliable information and engagement platform for the Croatian Red Cross local branch.

D

Društvo Crvenog križa Krapinsko-zagorske županije

dckkzz-krapina.hr

36

Društvo Crvenog križa Krapinsko-zagorske županije is a regional non-profit humanitarian organization serving the Krapinsko-zagorska County in Croatia. The organization coordinates local Red Cross societies and provides key services such as blood donation campaigns, social welfare activities, emergency response, and addiction prevention programs. It also manages EU-funded projects to enhance its infrastructure and outreach. The website reflects a well-structured and content-rich platform that supports community engagement and transparency. Technically, the website is built on WordPress 6.8.1 with a modern tech stack including jQuery and several plugins for event management and content display. The site is mobile-optimized and uses HTTPS, ensuring secure communication. However, some security headers are not explicitly detected, and there is no cookie consent mechanism, which could be improved for better privacy compliance. From a security perspective, the site demonstrates good practices such as HTTPS enforcement and nonce usage in AJAX calls. The absence of exposed sensitive data and vulnerabilities in the visible content is positive. The WHOIS data is privacy protected, which is common for non-profits, but limits transparency. No incident response or security policies are published, which could be a gap in organizational security posture. Overall, the website is professional, trustworthy, and serves its community well. Strategic improvements in privacy compliance and security headers would enhance its security posture and regulatory adherence.

S

Saunia AT, s.r.o.

saunia.at

42

Saunia AT, s.r.o. is preparing to launch its Austrian website as an extension of the established Saunia wellness brand from the Czech Republic. The current website is a placeholder with minimal content, primarily targeting investors and redirecting users to the Czech site. The business focuses on wellness and sauna services, aiming to establish a presence in Austria. Technically, the site uses basic web technologies including jQuery and Slick carousel, with moderate performance and basic mobile optimization. Security posture is limited with no advanced headers or policies published, and privacy compliance is minimal due to absence of privacy and cookie policies. Overall, the site is functional but lacks comprehensive content and security features, reflecting an early stage of digital maturity.

Veganopolis is a Croatian non-profit online platform operated by the association Prijatelji životinja, dedicated to promoting veganism and plant-based lifestyles. The website offers a variety of community and educational services including a vegan product guide, a 30-day vegan challenge, vegan buddy support, nutritionist advice, cooking workshops, and vegan restaurant listings. The target audience is primarily Croatian-speaking individuals interested in veganism and animal rights. The platform positions itself as a niche non-profit resource with a focus on community engagement and education. Technically, the website uses a traditional tech stack including jQuery 1.10.2, Bootstrap, and Google Fonts. It is mobile optimized with good navigation and content quality, though some technologies are outdated. No CMS or hosting provider details are evident. The site lacks advanced security headers and explicit privacy or terms of service pages, though it includes a cookie consent banner. No analytics or tracking scripts were detected, indicating a privacy-conscious approach. From a security perspective, the site uses HTTPS (assumed), employs POST methods for forms, and does not expose sensitive data. However, the absence of security headers and use of an outdated jQuery version present moderate risks. The WHOIS data is missing or indicates the domain is unregistered, which is inconsistent with the active website and raises concerns about domain legitimacy. Overall, the security posture is moderate but could be improved with better policies and technical controls. The overall risk is moderate with recommendations to verify domain registration status, implement security headers, update libraries, and publish privacy and security policies. The site is safe for general audiences and serves a clear non-profit mission with good business credibility.

AnimaList is a Croatian non-profit newsletter platform operated by the animal rights association Prijatelji životinja. The website focuses on promoting veganism, animal welfare, and environmental sustainability through educational content, activism updates, and event announcements. The organization targets animal rights advocates and environmentally conscious individuals primarily in Croatia. Technically, the site is built on WordPress with common plugins and uses HTTPS, but lacks advanced security headers and privacy compliance features such as a privacy policy or cookie consent. The WHOIS data is privacy protected, which is typical for non-profits, but limits transparency. Overall, the website is functional, content-rich, and trustworthy but could improve in privacy compliance and security best practices.

E

European Coalition to End Animal Experiments (ECEAE)

eceae.org

48

The European Coalition to End Animal Experiments (ECEAE) is a well-established non-profit umbrella organization founded in 1990, representing 18 animal protection and scientific organizations across Europe. Their mission focuses on abolishing animal experiments and promoting humane, animal-free research methods. The organization holds a recognized position with official stakeholder status in several EU bodies, enhancing their influence in policy and advocacy. The website reflects this mission with clear, relevant content targeted at animal welfare advocates, researchers, and policymakers. Technically, the website is built on Joomla CMS with a modern and responsive design, delivering a good user experience across devices. The infrastructure is moderate in performance, with no blocking or WAF challenges detected. However, some security best practices such as DNSSEC and security headers are missing, and no cookie consent mechanism is implemented, which is a compliance gap given GDPR relevance. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks published security policies or incident response contacts. The WHOIS data is transparent and consistent with the organization's identity and location, supporting legitimacy. Overall, the site is professional and trustworthy but could improve privacy compliance and security hardening. Strategic recommendations include enabling DNSSEC, implementing security headers, adding cookie consent for GDPR compliance, and publishing security and incident response policies to enhance trust and compliance.

E

Eurogroup for Animals

eurogroupforanimals.org

49

Eurogroup for Animals is a pan-European non-profit advocacy organization dedicated to improving animal welfare and defending animal interests across Europe. The website serves as a platform to communicate their mission, campaigns, and policy initiatives to a broad audience including NGOs, policymakers, and the general public interested in animal welfare. The organization positions itself as a key voice in European animal advocacy with a focus on policy influence and public awareness. Technically, the website is built on Drupal 10, leveraging modern web technologies including Font Awesome for icons, Google Tag Manager for analytics, and Cookiebot for cookie consent management. The site demonstrates good digital maturity with mobile optimization, accessibility features, and a cookie consent mechanism that complies with GDPR requirements. Performance is moderate, with room for optimization. From a security perspective, the site uses HTTPS and implements cookie consent with granular user controls. However, explicit security headers like Content-Security-Policy and X-Frame-Options were not detected in the provided data, suggesting an area for improvement. No vulnerabilities or exposed sensitive data were found. The WHOIS data is unavailable or privacy protected, which is typical for non-profit organizations and does not raise immediate concerns. Overall, the website is professional, trustworthy, and compliant with privacy regulations, though it would benefit from enhanced security header implementation and clearer contact information. The risk profile is low, with no critical issues detected.

E

European Vegetarian Union

euroveg.eu

48

The European Vegetarian Union (EVU) is a well-established non-profit organization representing vegetarian and vegan associations across Europe. It focuses on advocacy, policy influence, and promoting plant-based diets with a clear emphasis on sustainability, health, and consumer protection. The website serves as a central hub for information, membership coordination, and news related to plant-based food systems in the EU. Technically, the site is built on WordPress using Elementor and Yoast SEO, indicating a modern and maintainable infrastructure. The presence of Matomo and Google Analytics shows moderate user tracking for analytics purposes. Security-wise, the site employs HTTPS and several security headers, but lacks publicly available security policies or incident response information. Privacy compliance is incomplete due to missing privacy and cookie policies. Overall, the site is professional, trustworthy, and serves its niche audience effectively, though it would benefit from enhanced privacy disclosures and direct contact information.

A

Artur Kiulian

arturkiulian.com

45

Artur Kiulian's website presents a professional and well-structured digital presence focused on entrepreneurship, artificial intelligence, and machine learning. The business operates as a venture studio partner and non-profit supporter for startups, with additional activities including authoring books and speaking engagements. The site leverages modern web technologies such as Webflow CMS and integrates Google Analytics for tracking. The content is rich, relevant, and targeted primarily at entrepreneurs and business leaders interested in AI applications. However, the absence of WHOIS registration data raises concerns about domain legitimacy, although the website content itself is consistent and trustworthy. Security posture is moderate with HTTPS implied but lacking explicit security headers and published policies. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is functional and professional but would benefit from enhanced transparency and security practices.

A

Artha Platform | Rianta Capital Zurich

arthaimpact.com

47

Artha Impact operates as an impact investing network and platform focused primarily on social ventures in India, with a history dating back to 2007 as part of Rianta Capital advising the Singh Family Trust. The platform facilitates collaboration and capital deployment among investors, entrepreneurs, and support organizations through an invite-only online network and associated SaaS offerings. The website presents a professional and consistent brand image with clear navigation and comprehensive content about its mission, sectors of interest, and partner ecosystem. Technically, the site is built on WordPress using modern libraries such as Bootstrap and jQuery, with integration of Google Analytics, Tag Manager, and Microsoft Clarity for analytics and tracking. Security posture is generally good with HTTPS enforced, but lacks DNSSEC and explicit security headers. Privacy and cookie policies are present and appear comprehensive, supporting GDPR compliance. No contact emails or phone numbers are explicitly listed, which may impact direct communication. Overall, the domain registration data is consistent and legitimate, supporting the credibility of the business.

L

Luxembourg - Let's Make It Happen (LMIH)

lmih.lu

47

Luxembourg - Let's Make It Happen (LMIH) is an official government-backed platform designed to inspire and connect actors involved in promoting Luxembourg internationally. The website offers a rich selection of multimedia tools, branding guidelines, and partnership opportunities to support the promotion of Luxembourg's values and talents. It targets both national and international audiences including ministries, public administrations, businesses, and associations. The platform is positioned as a central resource for Luxembourg's national branding efforts, leveraging modern web technologies and a multilingual approach to maximize reach and engagement. Technically, the website is built on WordPress 6.8.1 with a modern tech stack including Yoast SEO, jQuery, Select2, Swiper.js, and Matomo analytics for privacy-conscious tracking. It employs HTTPS with good SSL configuration and integrates Google reCAPTCHA v2 for form security. Accessibility features and SEO optimizations are well implemented, contributing to a positive user experience across devices. However, explicit privacy and cookie policy pages are not detected in the provided content, which is a compliance gap. From a security perspective, the site follows best practices such as HTTPS enforcement and CAPTCHA protection on forms. The use of Matomo analytics and Axeptio cookie consent indicates a privacy-aware approach. Nonetheless, the absence of security headers and vulnerability disclosure policies suggests room for improvement in security posture. No vulnerabilities or suspicious activities were detected in the analysis. Overall, the website presents a professional, trustworthy, and well-structured platform aligned with its government branding mission. Strategic recommendations include publishing comprehensive privacy and cookie policies, implementing security headers, and establishing a vulnerability disclosure mechanism to enhance compliance and security maturity.

R

Ruskon kunta

rusko.fi

49

Ruskon kunta is the official municipal government entity for the Rusko region in Finland, providing a comprehensive digital platform for residents and stakeholders. The website offers extensive information on local government services, community events, employment, education, and wellbeing. It serves as a key communication channel for municipal announcements and public engagement. The technical infrastructure is based on a modern WordPress CMS with integrated SEO and accessibility features, hosted with Azure DNS and secured with DNSSEC and HTTPS. The site demonstrates good privacy compliance with clear cookie consent mechanisms and a comprehensive privacy policy. Security posture is strong with no critical vulnerabilities detected, although some security headers could be enhanced. Overall, the website is trustworthy, professionally maintained, and aligned with the official registrant data, reflecting a mature and credible municipal digital presence.

Ultimira T:mi is a small Finnish business with a minimal online presence, primarily providing contact information through its website. The company appears to be established since 2000, indicating a long-standing operation, but the website content is very limited, lacking detailed business descriptions or service listings. The market position is likely local and niche, with no visible digital marketing or social media engagement. Technically, the website is very basic, with no detected CMS, frameworks, or modern technologies, and lacks mobile optimization and accessibility features. Security posture is weak due to absence of HTTPS and security headers, and no privacy or cookie policies are present, indicating non-compliance with GDPR and modern web standards. Overall, the website presents a low digital maturity and limited trust signals, which could impact customer confidence and growth potential.

C

Creamailer Oy

creamailer.fi

49

Creamailer Oy is a Finnish technology company specializing in AI-powered communication tools that integrate newsletters, surveys, and event communications into a single platform. Positioned as a cost-effective and reliable solution in the Finnish market, Creamailer targets organizations seeking efficient and scalable communication solutions. The website demonstrates a mature digital presence with modern technologies such as Google Tag Manager, Cookiebot for consent management, and Visual Website Optimizer for A/B testing and analytics. The site is well-structured, mobile-optimized, and provides comprehensive content including customer testimonials and certifications that enhance trust. Security posture is solid with HTTPS and secure form handling, though explicit security policies and incident response contacts are not published. Overall, the website reflects a professional and trustworthy business with good privacy compliance and user experience.

A

aria-studio.cz

aria-studio.cz

43

Aria-Studio.cz is a small Czech web design and development studio operated by Pavel Kovanda and Aleš Rubáš, offering services including web presentation creation, graphics, and web programming. The business has been active since 2004 and targets small businesses and individuals seeking professional web presence solutions. The website is built on WordPress using the Fluida theme and Elementor page builder, reflecting a moderate level of technical maturity with good mobile optimization and SEO practices. Security posture is adequate with HTTPS enabled and no visible vulnerabilities, but lacks security headers and formal privacy/cookie policies, indicating room for compliance improvement. WHOIS data is unavailable, which reduces domain trustworthiness, but the website content and business information appear consistent and professional. Overall, the site presents a trustworthy small business with a solid digital presence but should address privacy and security best practices to enhance compliance and trust.

A

Associazione Trasvolatori Atlantici

trasvolatoriatlantici.it

40

The Associazione Trasvolatori Atlantici website serves as the official online presence for a small non-profit association focused on the history and commemoration of transatlantic aviators. The site provides historical content, galleries, and information about cruises and events related to aviation history. The business model is cultural and educational, targeting enthusiasts and members of the association. The website is built on Joomla! CMS with the JA T3 Framework, indicating a moderate level of technical maturity but with basic design and content quality. Security posture is adequate with HTTPS and DNSSEC enabled, but lacks security headers and privacy compliance documentation. No contact information or forms are present, limiting user engagement and trust signals. Overall, the site is functional but could benefit from enhanced privacy, security, and user experience improvements.

O

On Stéitsch

onsteitsch.lu

48

On Stéitsch is an annual cultural and art festival organized by the Luxembourg National Youth Service, targeting young people under 30 years old. The website serves as an official platform to promote the event, providing information about dates, participation, and past editions. It is positioned as a government-affiliated event with a focus on youth culture and arts. The site uses WordPress CMS with plugins such as Yoast SEO and Ninja Forms, indicating a moderate level of digital maturity and standard web infrastructure. The technical setup includes modern JavaScript libraries and responsive design elements, ensuring good user experience across devices. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though additional security headers could enhance protection. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website reflects a trustworthy and professional government event site with good compliance to privacy regulations. The lack of WHOIS data limits domain registration insights, but the site’s content and branding strongly support its legitimacy.

A

Aittakoodi Oy

synergybus.fi

44

SynergyBus, operated by Aittakoodi Oy, is a Finnish web platform specializing in connecting taxi and bus companies with customers seeking chartered transportation services. The platform aggregates over 15,000 annual booking requests, positioning itself as a leading service in the Finnish transportation sector. The website offers features such as daily email notifications of new requests, the ability to advertise available fleet capacity, and tools to foster long-term customer relationships. The business targets transportation operators and customers within Finland, emphasizing efficiency and market reach.

P

PoriExpress

poriexpress.fi

48

PoriExpress is a Finnish regional transportation company specializing in affordable bus travel primarily between Pori and Helsinki, as well as seasonal travel packages to Lapland (Ylläs). The company targets general consumers seeking economical and convenient bus travel options and related accommodation services through partnerships. The website is professionally designed using WordPress with modern SEO and content management plugins, providing a good user experience and clear navigation. Technical infrastructure is solid with HTTPS and standard WordPress technologies, though some security headers are missing. Contact information is clearly provided, but privacy compliance could be improved with cookie consent mechanisms and more detailed security policies. Overall, the site is trustworthy and well-positioned in its niche.

H

Hartman Videoproducties

hartmanvideo.nl

34

Hartman Videoproducties is a small media production company based in the Netherlands, specializing in video production, photography, livestreaming, and videopodcasts. The company presents a professional online presence with a well-structured WordPress website built using Elementor, showcasing their services and portfolio. The domain is relatively new, registered in 2022, consistent with the business's founding date, and secured with DNSSEC and HTTPS. However, the website lacks critical compliance elements such as privacy and cookie policies, which are essential for GDPR adherence. No incident response or security policies are published, and no analytics or tracking tools are detected, indicating a minimal data collection approach. Contact information is clearly provided, enhancing business credibility.

I

Ingroup

ingroup.lu

48

Ingroup is a prominent marketing and digital solutions provider based in Luxembourg, operating through multiple specialized brands that offer comprehensive communication, advertising, branding, media, and distribution services. The company positions itself as a major player in the Greater Region, targeting businesses seeking to maximize their visibility and impact through integrated 360° solutions. The website reflects a professional and consistent brand image with clear navigation and regularly updated news content. Technically, the site is built on WordPress with modern plugins and libraries, hosted by OVH, and optimized for mobile and SEO. Security measures include HTTPS, Google reCAPTCHA on contact forms, and a robust cookie consent mechanism, although some security headers and policies could be improved. Overall, the site demonstrates a mature digital presence with good privacy compliance and business credibility.

T

Technoport SA

technoport.lu

45

Technoport SA is a Luxembourg-based business incubator focused on supporting innovative and technology-oriented startups. The company provides incubation programs, event spaces, and participates in European and international projects to foster entrepreneurship and innovation. The website reflects a professional and consistent brand presence targeting entrepreneurs and startups seeking support and networking opportunities. The technical infrastructure relies on established but somewhat dated technologies such as jQuery 1.x and Bootstrap 3.x, hosted on Amazon AWS infrastructure, indicating a stable but potentially improvable digital maturity. Security posture is moderate with HTTPS usage assumed but lacking visible security headers and using outdated JavaScript libraries, which could expose the site to vulnerabilities. Privacy compliance is weak due to the absence of privacy and cookie policies, which is a notable gap given GDPR requirements. Overall, the website is functional, trustworthy, and business credible but would benefit from technical and compliance enhancements.

O

OCA Luxembourg

oca.lu

41

OCA Luxembourg is a professional insurance brokerage firm operating in the Grand Duchy of Luxembourg, providing tailored insurance solutions for both professionals and individuals. The company offers a range of services including professional insurance, personal insurance, and specialty insurance products such as Lifestyle & Fine Art, construction guarantees, and coverage for European officials and sports professionals. The website reflects a well-structured and professional digital presence with clear navigation and relevant content targeting Luxembourg-based clients. Technically, the website employs modern web technologies including Bootstrap, jQuery, and specialized plugins like Revolution Slider and tarteaucitron for cookie consent management. The site is mobile-optimized and demonstrates good SEO practices, although some improvements in accessibility and security headers could enhance its technical maturity. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms, indicating awareness of privacy regulations such as GDPR. However, the absence of visible security headers and incident response information suggests room for improvement in security posture. The lack of WHOIS data limits the ability to fully verify domain legitimacy, but the professional content and business registration number lend credibility. Overall, the website presents a trustworthy and professional image suitable for its business domain, with moderate technical and security maturity. Strategic enhancements in security headers, incident response transparency, and WHOIS data availability would strengthen trust and compliance.

J

JT-Line Oy

jt-line.fi

45

JT-Line Oy is a Finnish small-sized transportation company specializing in ferry and charter cruise services in the Helsinki archipelago. The company operates authentic paddle steamer ferries and water buses, emphasizing sustainable travel by using renewable biofuels and promoting inclusivity. Their market position is niche but well-defined, targeting tourists, families, and groups seeking maritime experiences in the Helsinki region. The website reflects a professional and consistent brand image with clear service offerings and certifications such as Sustainable Travel Finland and Ekokompassi. Technically, the site is built on WordPress with modern SEO and analytics tools integrated, including Google Tag Manager and Facebook Pixel, supported by a GDPR-compliant cookie consent mechanism. Security posture is good with HTTPS enforced, though some security headers could be improved. No critical vulnerabilities or blocking mechanisms were detected, and privacy compliance is well addressed. Contact information is comprehensive, supporting business credibility.

M

Miamo

miamo.cz

49

Miamo is a Czech ice cream brand that blends traditional production methods with innovative flavors and modern design, targeting a broad audience of ice cream lovers. The brand is supported by TIPAFROST, a significant Czech ice cream manufacturer, indicating a solid manufacturing and distribution foundation. The website presents a professional and user-friendly interface with clear navigation, detailed product offerings, and active social media engagement. Technically, the site is built on WordPress using popular plugins for forms and GDPR compliance, with moderate performance and good mobile optimization. Security posture is generally strong with HTTPS and cookie consent mechanisms, though it lacks some advanced security headers and explicit incident response policies. The absence of WHOIS data is a notable concern, reducing domain trustworthiness and suggesting the need for further verification. Overall, the site is well-positioned in its market segment but could improve transparency and security practices.

U

Udruga Prijatelji životinja

prijatelji-zivotinja.hr

46

Udruga Prijatelji životinja is a well-established Croatian non-profit organization founded in 2001, dedicated to promoting animal rights, vegetarianism, and veganism. The website serves as a comprehensive platform for advocacy, education, event promotion, and community engagement, targeting environmentally and ethically conscious individuals. Their market position is strong within the Croatian and regional animal rights community, supported by memberships in European and international organizations. Technically, the website uses a custom or unknown CMS with a traditional tech stack including HTML, CSS, JavaScript, and jQuery, supplemented by Matomo analytics for privacy-conscious tracking. While the site is functional and moderately optimized, some outdated libraries present potential security risks. Security posture is adequate with HTTPS and cookie consent implemented, but lacks advanced security headers and explicit security policies. Overall, the site is trustworthy and professional, with clear contact information and active social media presence.

The website nitko.info is a personal portfolio and creative expression platform for Ervin Poljak, featuring poetry, stories, family projects, and other artistic content. It targets a general audience interested in literary and cultural works. The site is small-scale and primarily serves as a personal showcase rather than a commercial business. Technically, the site uses standard web technologies including HTML5, CSS3, JavaScript, jQuery, and integrates Google Analytics, Google Tag Manager, and Mixpanel for visitor tracking. It is built on the Galaksija CMS and hosted under a domain registered with privacy protection. The site shows moderate performance and basic mobile optimization but lacks advanced SEO and accessibility features. Security posture is weak, with no visible HTTPS enforcement or security headers, and no privacy or cookie policies present, indicating poor privacy compliance. The WHOIS data shows a domain age consistent with the site's stated founding year and a registrant country matching the website language, supporting legitimacy. Overall, the site is safe for general audiences but requires significant improvements in security and privacy compliance to enhance trust and protection.

The website ekoart.info is currently inaccessible beyond a minimal 404 Not Found error page, providing no business content, metadata, or user interaction elements. The domain WHOIS data is inconsistent, showing a creation date in the future (January 22, 2025), which raises concerns about the legitimacy and operational status of the domain. There is no evidence of privacy policies, cookie consent mechanisms, contact information, or security policies on the site. Technically, the site lacks any detectable technologies, scripts, or frameworks and does not implement DNSSEC or advanced security headers. The hosting provider is the domain registrar REG.RU LLC, but no further hosting details are available. Overall, the site appears inactive or placeholder with very low trustworthiness and business credibility.

A

Association Luxembourg Alzheimer

ala.lu

45

Association Luxembourg Alzheimer is a well-established non-profit organization based in Luxembourg, dedicated to supporting people affected by dementia and their families. The organization offers a comprehensive range of services including counseling, a 24/7 helpline, ambulatory care, day centers, and a specialized care home. Their website reflects a strong commitment to accessibility and user support, with multilingual options and detailed service information. The organization maintains an active presence on social media platforms such as Facebook, LinkedIn, and Instagram, enhancing community engagement and outreach. Technically, the website is built on WordPress with modern plugins like Yoast SEO and accessibility tools, ensuring good SEO and compliance with accessibility standards. The site uses Matomo for analytics, indicating a privacy-conscious approach to user tracking. Performance and mobile optimization are good, though some improvements could be made in hosting transparency and performance metrics. From a security perspective, the site enforces HTTPS and provides a cookie consent mechanism with granular user control, aligning with GDPR requirements. However, it lacks published privacy policies, terms of service, and explicit security or incident response policies, which are important for compliance and user trust. No critical vulnerabilities or suspicious content were detected. Overall, the website is professional, trustworthy, and well-aligned with its mission, but would benefit from enhanced privacy and security disclosures to improve compliance and user confidence.

The website hsl.fi represents HSL Helsingin seudun liikenne, the Helsinki Regional Transport Authority responsible for public transportation services in the Helsinki metropolitan area. The domain is registered consistently with the organization's identity and has been active since 2009, aligning with the business history. However, the website content is currently inaccessible due to a Cloudflare Turnstile human verification challenge, preventing direct content analysis. This limits visibility into the site's privacy policies, contact information, and user experience. The technical infrastructure includes Cloudflare as a security and performance provider, indicating a modern approach to web delivery and protection. Security posture is difficult to fully assess due to the blocking, but the use of Cloudflare suggests baseline protections are in place. Overall, the site is legitimate and trustworthy based on WHOIS data and domain age, but the current access restrictions significantly reduce the ability to evaluate content quality, privacy compliance, and security details.

P

Planet Zemlja

planet-zemlja.hr

39

Planet Zemlja is a Croatian non-profit organization dedicated to environmental awareness, personal ecology, and ecological news dissemination. The website serves as a community platform offering news articles, event announcements, photo and video galleries, and educational content related to ecology. The target audience is the general public interested in environmental issues within Croatia. The business model is informational and community-driven without evident commercial transactions. Technically, the site uses a custom PHP-based CMS with jQuery and various plugins for RSS feeds, weather, and media galleries. External integrations include Google Analytics and Facebook SDK for tracking and social media engagement. However, the site lacks HTTPS on its main URLs, which is a significant security concern. Security headers are absent, and no advanced security or privacy compliance mechanisms are evident. Contact information is limited to forms without explicit emails or phone numbers. Overall, the site is functional but requires modernization and security improvements.

W

Wiener Städtische Versicherungsverein

airt.at

48

The website www.airt.at represents the cultural exhibition series "Architektur im Ringturm" managed by the Wiener Städtische Versicherungsverein, part of the Vienna Insurance Group. It serves as a platform to showcase architectural and cultural exhibitions primarily focused on Central and Eastern Europe. The site offers detailed information about current and past exhibitions, architecture talks, and historical context of the Ringturm building. It targets architecture and culture enthusiasts and operates as a free-entry exhibition series supported by sponsorships. Technically, the site is built on WordPress with modern plugins and libraries, including multilingual support and spam protection via Google reCAPTCHA. The website demonstrates good digital maturity with responsive design, SEO optimization, and accessibility considerations. Security posture is solid with HTTPS enforced and spam prevention on forms, though some security headers could be improved. Privacy compliance is strong, featuring a comprehensive privacy policy, cookie consent banner with opt-in, and GDPR-aligned data collection practices. Overall, the site is professional, trustworthy, and well-maintained, reflecting the reputable parent organization. No critical security or compliance issues were detected.

F

Fiva Events

fivaevents.com

48

Fiva Events operates as a niche platform dedicated to classic and historic vehicle events, providing event listings and application forms primarily for enthusiasts and organizers within this specialized community. The website presents a professional and consistent brand image with a focus on user-friendly event search and application functionalities. Technically, the site leverages modern frontend technologies such as Alpine.js and Laravel Livewire, ensuring a responsive and interactive user experience. The presence of HTTPS and reCAPTCHA integration indicates a baseline commitment to security, although the absence of comprehensive security headers and privacy policies suggests room for improvement in compliance and protection measures. The lack of publicly available WHOIS data raises questions about domain registration transparency, which could impact trustworthiness. Overall, the site is functional and well-designed but would benefit from enhanced privacy compliance and clearer business contact information to strengthen credibility and user trust.

IRTA d.o.o. is a medium-sized regional tourism development agency based in Istria, Croatia, established in 2004. The company manages official tourism portals, contact and sales centers, and develops cultural and outdoor tourism products to promote the Istrian region. Their market position is strong within the regional tourism sector, serving tourists and local businesses with comprehensive information and services. Technically, the website uses a custom CMS with modern JavaScript libraries and Google services, but lacks HTTPS which is a significant security gap. The privacy policy is comprehensive and GDPR compliant, with a named data protection officer, reflecting good privacy awareness. However, the absence of HTTPS and security headers lowers the security posture. Overall, the site is professional and trustworthy but requires security improvements to align with best practices.

The website zhuk.cc is a personal blog primarily focused on technology topics, especially Joomla extensions, Oracle, Java, and various hobbies. It serves a niche audience of developers and technology enthusiasts interested in Joomla components and related software. The site offers technical articles, extension releases, and community forums, positioning itself as a resource hub for Joomla users. The business model revolves around content publishing and software extension distribution, with demonstration sites and forums supporting user engagement. Technically, the site is built on WordPress 6.8.1 using the Total theme and incorporates multiple JavaScript libraries such as jQuery, Owl Carousel, and Font Awesome. The platform is moderately optimized for performance and mobile use, with basic SEO and accessibility features. The site is fully accessible over HTTPS, indicating good SSL configuration, but lacks advanced security headers and privacy compliance mechanisms. From a security perspective, the site shows a moderate security posture with HTTPS enabled and no exposed sensitive data. However, it lacks explicit security headers, privacy and cookie policies, and incident response contacts, which are important for compliance and trust. No WAF or blocking mechanisms are detected, and the site content is safe for general audiences with no adult or questionable material. Overall, the site is a well-maintained personal technology blog with good content quality and business credibility but has room for improvement in privacy compliance and security best practices. Strategic recommendations include implementing privacy and cookie policies, adding security headers, and providing clear contact information for security incidents to enhance trust and compliance.

N

Naturpark Landseer Berge

landseer-berge.at

46

Naturpark Landseer Berge is a regional nature park located in Austria, focusing on promoting tourism, cultural heritage, and outdoor recreational activities. The website serves as an informational portal providing details about the park's attractions, events, and regional highlights. The target audience includes tourists, families, and nature enthusiasts interested in exploring the area. Technically, the site is built on the Worldsoft CMS platform and uses legacy JavaScript libraries such as jQuery 1.12.4 and jQuery UI 1.12.1, which may pose security risks. The website is moderately optimized for performance and mobile devices but lacks advanced SEO and accessibility features. Security posture is basic with HTTPS enabled but missing critical security headers and using outdated libraries. No privacy or cookie policies are present, indicating compliance gaps. Overall, the site is functional and informative but requires updates to improve security, privacy compliance, and technical modernization.

X

Xplore Fitness Na Příkopě

xplorefitness.cz

47

Xplore Fitness Na Příkopě is a prominent fitness center located in the heart of Prague, offering a wide range of fitness and wellness services including gym facilities, group classes, martial arts, and additional amenities such as solariums and massages. The business positions itself as the largest and most modern fitness center in Prague's city center, targeting fitness enthusiasts and the general public. The website is professionally designed, content-rich, and provides clear navigation and multilingual support (Czech and English). The company maintains active social media channels and regularly updates its content with news and events. Technically, the site is built on WordPress with several plugins for enhanced user experience and analytics integration. However, the WordPress version is outdated, posing potential security risks. The site employs HTTPS and cookie consent mechanisms, demonstrating good privacy compliance. Security policies and incident response information are not explicitly published, representing an area for improvement. Overall, the website is trustworthy, well-maintained, and compliant with GDPR requirements.

Y

Úvod | Yankeesvicky.cz

yankeesvicky.cz

46

The website www.yankeesvicky.cz is a small-scale e-commerce platform focused on retailing Yankees sports merchandise primarily targeting the Czech Republic market. The site features basic content and design, with a functional user interface and mobile optimization. It integrates several third-party technologies including jQuery, Google Maps API, and delivery service scripts, indicating a moderate level of technical maturity. However, the absence of a privacy policy and limited business information reduces its compliance and trustworthiness. Security posture is moderate with HTTPS usage and CSRF token presence but lacks advanced security headers and explicit vulnerability disclosures. Overall, the site is functional but would benefit from enhanced transparency, security practices, and privacy compliance to improve user trust and regulatory adherence.

C

Croatian Climate Change Panel

solarniklaster.org

45

The Croatian Climate Change Panel operates the solarniklaster.org website as a specialized platform focused on renewable energy, sustainable technologies, and climate change awareness primarily targeting Croatian and regional audiences. The site offers news, expert articles, multimedia content, and educational resources to support green energy transition efforts. Technically, the website uses a standard modern tech stack including Bootstrap, jQuery, and analytics tools, hosted on a domain registered since 2015 with privacy protection. Security posture is moderate with HTTPS enabled but lacks advanced security headers and DNSSEC. Privacy compliance is basic with policies present but no explicit cookie consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the site is a credible, niche informational resource with room for security and privacy improvements.

Otok Krk energija d.o.o. is a Croatian limited liability company focused on producing and supplying renewable energy, primarily solar, to achieve energy independence for the island of Krk. The company is relatively new, founded in 2019, and is owned by the local municipality of Baška with plans to include other local government units as co-owners. Their business model centers on local investment and sustainable energy production, positioning themselves as a key player in the regional green energy market. The website reflects this mission with content in Croatian and some English, targeting local residents, investors, and governmental bodies interested in renewable energy projects. Technically, the website uses common web technologies such as Bootstrap, jQuery, and popular carousel libraries, with integration of Google Analytics and Facebook SDK for tracking and marketing purposes. The site is moderately optimized for mobile and SEO but lacks advanced accessibility features. Security posture is moderate; HTTPS is used but no explicit security headers or incident response policies are published. Privacy and cookie policies exist but lack active consent mechanisms. Overall, the website is professional and trustworthy but could improve in security and privacy compliance. Recommendations include implementing security headers, adding cookie consent, publishing incident response information, and enhancing contact transparency.

A

Aittakoodi Oy

pikavuorot.fi

47

Pikavuorot.fi is a Finnish transportation price comparison website operated by Aittakoodi Oy, founded in 2015. The platform aggregates and compares prices and schedules for bus and train travel across multiple Finnish transportation providers, including major companies such as VR, Matkahuolto, Onnibus, and airlines like Finnair and Norwegian. It serves a general audience seeking convenient travel planning and ticket purchasing options within Finland. The website enjoys a moderate market position as a leading price comparison tool in its niche. Technically, the site employs a modern but somewhat dated technology stack including Bootstrap 3, jQuery, DataTables, and Socket.io for real-time data updates. It integrates multiple third-party services for fonts, advertising, and analytics, including Google Adsense and Facebook SDK. The site is mobile-optimized with good navigation and SEO practices, though accessibility features are basic. From a security perspective, HTTPS is used, but explicit security headers are not detected in the provided data. No critical vulnerabilities or exposed sensitive data were found. Privacy compliance is basic, with a cookie consent banner and a privacy policy page present, but no detailed security or incident response policies are published. Contact information is limited to an email address, with no phone or physical address provided. Overall, Pikavuorot.fi presents a trustworthy and functional service with room for improvement in security hardening, privacy transparency, and expanded contact options. The domain registration data aligns well with the business claims, supporting legitimacy. Strategic recommendations include enhancing security headers, publishing comprehensive policies, and improving user trust signals.