High-risk security reports

C

ConvexityShares

convexityshares.com

44

ConvexityShares is a small ETF issuer based in the USA, founded in 2020, currently without active products in the market. The company operates under the parent company Teucrium and targets investors interested in exchange-traded funds. The website provides basic business information, tax package support resources, and contact options primarily through a contact form and physical address. The digital infrastructure employs modern web technologies including Google Tag Manager and Twitter tracking pixels, indicating moderate digital maturity. However, the site lacks comprehensive privacy and cookie policies, which impacts privacy compliance ratings. From a security perspective, the website benefits from HTTPS encryption and domain transfer protection, enhancing trustworthiness. Nonetheless, it lacks advanced security headers and explicit incident response contacts, which are recommended for improved security posture. No critical vulnerabilities or exposed sensitive data were detected during analysis. The website is accessible without any WAF or blocking mechanisms, allowing full content inspection. Overall, ConvexityShares presents a basic but functional online presence consistent with a small financial services business. Strategic improvements in privacy compliance, security headers, and incident response transparency would enhance trust and regulatory alignment. The company’s partnership with tax package support services adds value to its investor audience.

The website at adtech.app currently presents an extremely minimal and placeholder-like presence with no visible content, metadata, or business information. There is no privacy policy, cookie policy, terms of service, or contact information available, which severely limits its credibility and user trust. The only external link is to the powering company Online Solution Int, suggesting the site may be under development or not actively maintained. Technically, the site lacks any detectable modern technologies, scripts, or frameworks, and no security headers or SSL information is available from the provided data. The security posture is weak due to the absence of HTTPS and security best practices. Overall, the site is not suitable for business or user engagement in its current state and poses risks related to trust and compliance.

E

Eesti Meediaettevõtete Liit

meedialiit.ee

41

Eesti Meediaettevõtete Liit is a well-established Estonian media association founded in 1990, representing a broad spectrum of private media outlets including web portals, TV, radio, newspapers, and magazines. The organization focuses on promoting trustworthy journalism, protecting the interests of its members, and advocating for fair competition in the media market. The website reflects this mission with relevant content, press council decisions, and news updates targeted at media professionals and the Estonian public. Technically, the site is built on WordPress with a modern tech stack including Bootstrap, Yoast SEO, and Google reCAPTCHA, ensuring a good user experience and basic security measures. The security posture is solid with HTTPS and anti-bot protections, though some advanced security headers could be added. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site is professional, trustworthy, and serves its audience effectively.

A

AirProxy AS

airproxy.eu

46

AirProxy AS is a specialized General Sales and Service Agent (GSSA) company with 30 years of experience serving passenger and cargo airlines in the Baltic region through offices in Tallinn, Riga, and Vilnius. The company focuses on providing representation and support services to airlines, positioning itself as a trusted partner in the transportation sector. The website is built on WordPress and employs standard web technologies, offering a professional and consistent user experience with good mobile optimization and navigation clarity. However, the site lacks critical privacy and cookie policies, contact information, and security headers, which impacts its overall security posture and privacy compliance. HTTPS is properly implemented, ensuring secure communication. The absence of analytics and tracking scripts suggests minimal user tracking, aligning with privacy best practices. Overall, the website reflects a credible small business with room for improvement in security and compliance documentation.

C

Cargo Handling AS

ch.ee

43

Cargo Handling AS is an Estonian-based small transportation and logistics company specializing in cargo handling and storage services for international air and road carriers, freight forwarders, and companies engaged in international trade. The company also offers customs warehouse and excise warehouse services. The website is built on WordPress using the Divi theme, indicating a moderate level of digital maturity with a focus on clear presentation and multilingual support (Estonian and English). Security posture is adequate with HTTPS enabled, but lacks advanced security headers and explicit security policies. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the website is professional and functional but could improve in privacy and security transparency to enhance trust and compliance.

K

KiVa / Tenz

kivaschool.be

48

The website www.kivaschool.be represents the KiVa anti-bullying program operated by Tenz in Belgium, supported by recognized educational institutions. It provides comprehensive information about the program, resources for schools, parents, and educators, and includes a webshop and training offerings. The site is well-structured with consistent branding and clear navigation, targeting educational stakeholders in Flanders. Technically, the site uses a custom CMS (Ambacht CMS) with common web technologies such as jQuery, Bootstrap 3, and Select2, and integrates Google Analytics and ReadSpeaker for accessibility. Security posture is moderate with no visible security headers and unknown SSL configuration, but it implements a detailed cookie consent mechanism. WHOIS data is unavailable due to registry restrictions, which reduces transparency but the site content and contact details support legitimacy. Overall, the site is professional and functional with room for improvement in security and privacy policy disclosures.

F

FinanceEstonia

financeestonia.eu

45

FinanceEstonia is a well-established umbrella organization representing the Estonian financial sector, with over 90 members from both private and public sectors. The organization focuses on advocacy, fostering innovation, and supporting the growth of fintech and capital markets in Estonia. The website reflects a mature digital presence built on WordPress, with good SEO and mobile optimization. Security posture is solid with HTTPS and secure forms, though it lacks explicit security headers and published security policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is professional and trustworthy, supporting FinanceEstonia's role as a key industry player.

A

ACE Logistics Group AS

acegroup.ee

49

ACE Logistics Group AS is a well-established logistics company operating primarily in the Baltic states and neighboring countries. Founded in 1992, the group comprises multiple subsidiaries specializing in logistics, freight forwarding, cargo handling, sales agency, and real estate services. The company positions itself as a regional leader in logistics services, targeting businesses requiring comprehensive logistics solutions in Estonia, Latvia, Lithuania, and Ukraine. The website reflects a professional and consistent brand image with clear business information and contact details. Technically, the website is built on WordPress using Visual Composer, leveraging common libraries such as jQuery and Bootstrap. The site is mobile-optimized and performs moderately well, with good SEO practices and accessibility at a basic level. HTTPS is enforced, ensuring secure communications, though the absence of security headers and cookie consent mechanisms indicates room for improvement in security and privacy compliance. From a security perspective, the site demonstrates a solid baseline with HTTPS but lacks advanced security headers and incident response information. No vulnerabilities or exposed sensitive data were detected. Privacy policies exist but lack explicit GDPR consent mechanisms. The absence of terms of service and incident response contacts suggests gaps in compliance and security readiness. Overall, the website is credible and trustworthy, with a strong business presence and good technical implementation. Strategic improvements in security headers, privacy compliance, and incident response transparency would enhance the security posture and regulatory adherence.

A

ACE Logistics Ukraine LLC

acelogistics.ua

47

ACE Logistics Ukraine LLC is a small transportation and logistics company based in Ukraine, specializing in international freight forwarding services including road, air, and sea transport, customs brokerage, cargo insurance, and warehousing. The company targets businesses requiring efficient and professional logistics solutions with a focus on individual customer needs. Their website is built on WordPress using common plugins and libraries, providing a good user experience with clear navigation and relevant content. However, the site lacks critical compliance documentation such as privacy and cookie policies, and does not disclose security or incident response policies. Security posture is moderate with HTTPS enabled but missing security headers and vulnerability disclosure mechanisms. Overall, the domain registration data aligns well with the business claims, supporting legitimacy. The website uses Google Analytics and Google Tag Manager for tracking, indicating moderate user tracking without clear privacy compliance disclosures.

The website ace.lt appears to be a small Lithuanian domain registered since 1997 under the registrar UAB "BALTNETOS KOMUNIKACIJOS". The site is built on WordPress but currently suffers from visible PHP warnings and errors related to the revslider plugin, indicating outdated or incompatible code. There is no accessible business content, contact information, or privacy and cookie policies, which significantly limits the ability to assess the business model or services offered. The technical infrastructure shows signs of neglect with poor performance and no visible security best practices implemented. Security posture is weak due to exposed PHP warnings and lack of security headers or HTTPS confirmation. Overall, the site is accessible but of very low quality and professionalism, with critical issues that impact trust and compliance.

A

ACE Logistics Latvia SIA

ace.lv

44

ACE Logistics Latvia SIA is a medium-sized logistics and freight transportation company based in Latvia, operating as part of the ACE Logistics Group with subsidiaries in Estonia, Lithuania, and Ukraine. The company offers a broad range of transportation services including road, air, sea, and rail freight, complemented by customs documentation, warehousing, and cargo insurance. Their market position is that of an established regional player with international reach, supported by ISO 9001 and ISO 14001 certifications that demonstrate commitment to quality and environmental standards. The website is professionally designed, mobile-optimized, and provides clear navigation and comprehensive service information. Technically, the website is built on WordPress using popular plugins such as WPBakery Page Builder and Slider Revolution. It integrates Google Analytics and Facebook SDK for tracking and marketing purposes. The site performs moderately well with good SEO practices and basic accessibility features. Security posture is adequate with HTTPS enforced and cookie consent mechanisms in place, though security headers could be enhanced and legacy jQuery usage updated to reduce risk. No explicit incident response or vulnerability disclosure mechanisms are present, which could be improved to enhance security transparency. Contact information is clearly provided, including phone numbers, email, and physical address, supporting business credibility. Overall, the site reflects a trustworthy and professional logistics provider with room for security and compliance enhancements. Strategic recommendations include implementing stronger security headers, updating legacy scripts, publishing incident response contacts and vulnerability disclosure policies, and continuing to enhance privacy compliance and user trust through transparent communication.

A

AS Äripäev

raamatupidaja.ee

46

Raamatupidaja.ee is a well-established Estonian media portal specializing in accounting, tax, and labor law news. Operated by AS Äripäev, it serves professionals in accounting and finance sectors with news, expert advice, podcasts, and training services. The website demonstrates a mature digital infrastructure using modern web technologies such as React and Next.js, ensuring good performance and mobile optimization. Security posture is strong with HTTPS enforcement and appropriate security headers, although explicit security policies and incident response information are not publicly available. The site complies with GDPR and provides clear privacy and cookie policies. Overall, Raamatupidaja.ee presents a trustworthy and professional online presence with a solid market position in Estonia's business media landscape.

E

Eesti Väike- ja Keskmiste Ettevõtjate Assotsiatsioon

evea.ee

46

EVEA (Eesti Väike- ja Keskmiste Ettevõtjate Assotsiatsioon) is a well-established non-profit business association founded in 1988, representing the interests of small and medium-sized enterprises in Estonia. The organization provides a broad range of services including legal advice, financial consulting, and networking opportunities, positioning itself as the largest SME advocacy group in Estonia. The website reflects a professional and consistent brand image with clear navigation and relevant content tailored to its target audience of Estonian SMEs. Technically, the website is built on WordPress with WooCommerce and uses modern frameworks such as UIkit and analytics tools like Google Analytics via MonsterInsights. The site is hosted by Elkdata OÜ, an Estonian hosting provider, and demonstrates good mobile optimization and SEO practices. Performance is moderate with room for improvement in accessibility features. From a security perspective, the site enforces HTTPS and uses reCAPTCHA for forms, but lacks explicit security headers and documented security policies or incident response plans. Privacy and cookie policies are present and GDPR compliant, indicating a basic level of privacy compliance. No critical vulnerabilities or suspicious patterns were detected. Overall, the website presents a trustworthy and credible digital presence for EVEA, with a solid foundation in business credibility and technical implementation. Strategic improvements in security headers, accessibility, and formal security policies would enhance the security posture and compliance maturity.

C

Caotica OÜ

caotica.ee

49

Caotica OÜ is a specialized web design and development agency based in Estonia, operating since 2008. The company offers a comprehensive suite of digital services including website design, web development across platforms like WordPress, Webflow, and Wix, e-commerce solutions with WooCommerce and Shopify, as well as ongoing website management and SEO optimization. Their market position is that of a trusted, experienced small business serving both local and international clients, with over 200 projects completed and 80+ clients served. The website reflects a professional and consistent brand image with clear service offerings and client testimonials, supporting their credibility. Technically, the website is built on WordPress using the Avia Framework and Yoast SEO plugin, leveraging modern web technologies such as jQuery and Google Fonts. The site is mobile-optimized and demonstrates good SEO practices with structured data and meta tags. Hosting and domain registration are managed by Zone Media OÜ, consistent with the company's Estonian base. Performance is moderate, with room for optimization. From a security perspective, the site uses HTTPS with anonymized IP tracking in Google Analytics and implements a cookie consent mechanism, indicating awareness of privacy compliance. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not detected, and no formal security or incident response policies are published. There is no vulnerability disclosure or security.txt file, which could be areas for improvement. Overall, Caotica OÜ presents a low-risk profile with a solid business foundation, professional web presence, and basic privacy compliance. Strategic enhancements in security headers, incident response transparency, and accessibility could further strengthen their security posture and trustworthiness.

The website ria.ee is currently inaccessible due to a Cloudflare security challenge page requiring human verification. This prevents access to any substantive content, business information, or policies. The domain is registered since 2010 with an Estonian registrar, indicating a legitimate and established domain. The technical infrastructure relies on Cloudflare services including Turnstile captcha and Cloudflare Insights for security and analytics. Due to the blocking, no privacy, cookie, or terms of service policies are visible, nor is any contact or business information. The security posture cannot be fully assessed, but the use of Cloudflare indicates a baseline of protection. Overall, the site cannot be fully analyzed until the WAF challenge is passed, limiting the ability to provide a comprehensive risk assessment or business intelligence.

V

VEPA

vepa.ee

40

VEPA is an Estonian educational initiative focused on evidence-based classroom management methodologies primarily targeting early school years. The website presents a professional and consistent brand supported by the Tervise Arengu Instituut, with clear educational content and training offerings. The digital infrastructure is based on WordPress with common JavaScript libraries and includes standard tracking and marketing tools such as Google Analytics and Mailchimp. Privacy and cookie policies are well implemented and GDPR compliant, enhancing user trust. Security posture is generally good with HTTPS enforced and secure form practices, though improvements in security headers and incident response transparency are recommended. Overall, the website is accessible, well-structured, and trustworthy, supporting its educational mission effectively.

T

Tervise Arengu Instituut

tubakainfo.ee

43

Tubakainfo.ee is an official Estonian government public health website managed by the Tervise Arengu Instituut (Health Development Institute). It provides comprehensive educational content on the harms of tobacco use, passive smoking, and supports tobacco cessation efforts. The site targets Estonian-speaking tobacco users, their families, and healthcare professionals, offering interactive tools, videos, and guidance. The website is well-structured, professionally designed, and optimized for SEO and mobile devices, reflecting a mature digital presence. Technically, the site is built on WordPress with modern plugins such as Yoast SEO, Google Tag Manager, and Facebook Pixel for analytics and marketing. It uses HTTPS with good SSL configuration but lacks some security headers. The site does not display a privacy or cookie policy, which is a notable compliance gap, especially given the use of tracking pixels. Contact information is clearly provided, enhancing business credibility. From a security perspective, the site shows good practices like HTTPS and nonce usage for AJAX but could improve by adding security headers and publishing explicit security and incident response policies. No vulnerabilities or suspicious patterns were detected. WHOIS data confirms the domain is registered to the official Estonian health institute, supporting legitimacy. Overall, the site is trustworthy and professional but should address privacy compliance and security policy transparency to improve its security posture and regulatory adherence.

T

Tervise Arengu Instituut

toitumine.ee

40

The website toitumine.ee is an official Estonian government health information portal managed by the Tervise Arengu Instituut under the Haridus- ja Teadusministeerium (EENet). It provides comprehensive nutrition guidelines, health advice, and tools such as a BMI calculator targeted at Estonian residents across various life stages and health conditions. The site is well-structured with rich content and expert contributions, positioning it as a trusted national resource for healthy eating information. Technically, the site is built on WordPress with modern libraries like jQuery, Bootstrap, and integrates Google Analytics and Facebook SDK for tracking. The site is mobile-optimized and performs moderately well, though accessibility features are basic. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks security headers and explicit incident response or vulnerability disclosure information. Privacy compliance is weak due to absence of privacy and cookie policies or consent mechanisms. Overall, the site is credible and trustworthy but would benefit from enhanced privacy and security practices.

N

Narko

narko.ee

42

The website www.narko.ee serves as a comprehensive informational and support platform focused on narcotics, risk reduction, and assistance options primarily targeting the Estonian population. It provides extensive educational content, community resources, and guidance for drug users, their relatives, and the broader community. The site is positioned as an authoritative resource, likely supported by government or non-profit entities, with a clear focus on public health and harm reduction. Technically, the website is built on WordPress with a modern plugin ecosystem including Yoast SEO and GDPR compliance tools. It employs Google Analytics for user tracking and demonstrates good mobile responsiveness and SEO optimization. However, some technical debt is noted with the use of an older jQuery version, which could pose security risks. From a security perspective, the site enforces HTTPS and includes cookie consent mechanisms aligned with GDPR. While no critical vulnerabilities or exposed sensitive data were detected, the absence of a published security policy, incident response contacts, and security.txt file indicates room for improvement in transparency and readiness. Security headers are not explicitly confirmed, and updating libraries is recommended. Overall, the website presents a trustworthy and professional front with good content quality and compliance posture. Strategic enhancements in security policies, technical updates, and contact transparency would further strengthen its security posture and user trust.

H

Avaleht - Hiv

hiv.ee

40

The website hiv.ee serves as an informational and support portal focused on HIV awareness, prevention, testing, and living with HIV in Estonia. It targets Estonian-speaking individuals, including those living with HIV and at-risk populations, providing educational content, testing locations, and counseling resources. The site is positioned as a trusted health information source, likely operated or supported by public health entities or non-profit organizations. Technically, the site is built on WordPress, utilizing common libraries such as jQuery and Slick Carousel, and integrates marketing and analytics tools like Google Tag Manager, Google Analytics, and Facebook Pixel. The site is mobile-optimized with good navigation and content relevance. Security-wise, the site enforces HTTPS and uses cookie consent banners but lacks visible security headers and explicit privacy policies, which are areas for improvement. Overall, the site is functional, professional, and moderately secure, with room to enhance privacy compliance and security posture.

Z

Zone Media OÜ

alkoinfo.ee

42

Alkoinfo.ee is a well-established Estonian public health informational website focused on reducing alcohol consumption and providing support and education to individuals and their families. Operated by Zone Media OÜ and affiliated with the Estonian Health Development Institute (Tervise Arengu Instituut), it offers a range of services including educational content, self-assessment tests, and a Q&A advice section. The site targets Estonian and Russian speaking audiences concerned about alcohol use. Technically, the site is built on WordPress using the Understrap theme and integrates modern web technologies such as Google Analytics and Facebook Pixel for tracking. Security posture is good with HTTPS and CAPTCHA on forms, but lacks some security headers and explicit privacy and cookie policies. The domain is legitimate, registered since 2010, and consistent with the business identity.

V

Visionest Institute

invicta.ee

47

Visionest Institute is an Estonian education and training organization formed by the merger of Marketingi Instituut, Invicta, and Director. It offers a wide range of professional development programs, including corporate training, personal development plans, and a digital magazine. The company targets businesses and individual learners, focusing on leadership, marketing, sales, and export sectors. The website reflects a mature digital presence with a professional design, clear navigation, and multilingual support. Technically, it is built on WordPress with WooCommerce and integrates advanced marketing and analytics tools such as Google Tag Manager, HubSpot, and Facebook Pixel. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and incident response information are absent. Overall, the domain registration details align well with the business profile, indicating legitimacy and consistency.

The website crex.lv is currently inaccessible beyond a security challenge page that performs a browser integrity check and automatic redirect. The visible content is minimal, showing only a loading animation and a countdown timer. The site appears to be running very outdated content management systems, specifically Joomla 1.5 and WordPress 2.5, which are known to have multiple security vulnerabilities. There is no visible business or contact information, privacy or cookie policies, or terms of service. The only external link is to BitNinja.IO, indicating the use of a third-party security service to protect the site. Due to the security challenge and lack of accessible content, a full analysis of the website's business model, services, and compliance posture is not possible.

I

IZSTĀŽU RĪKOTĀJSABIEDRĪBA BT 1

rigaexpo.lv

43

The website represents an international exhibition center based in Latvia, operated by IZSTĀŽU RĪKOTĀJSABIEDRĪBA BT 1. It offers venue rental for various events such as conferences, sports competitions, concerts, and corporate gatherings. Additional services include catering through Expo Cafe and equipment rental for event needs. The business targets event organizers and corporate clients within the Latvian market. The website content is basic but functional, providing essential information and links to partner services. Technically, the site uses older but stable technologies like Bootstrap 3 and jQuery 3.1.1, with moderate mobile optimization and basic accessibility features. Security posture is limited, with no visible HTTPS enforcement or security headers, and no cookie consent mechanism implemented. Privacy and terms of service documents exist but are basic and lack explicit GDPR compliance indicators. Overall, the site is moderately trustworthy but would benefit from improved security and privacy practices.

Z

Zone Media OÜ

digioskused.ee

47

Digioskused.ee is an Estonian educational platform offering free AI and digital skills training, developed in partnership with Google and Estonian government agencies. The website serves individuals and businesses aiming to enhance their digital competencies through practical, accessible online courses. The platform leverages modern web technologies including WordPress, jQuery, and integrates Google Tag Manager and Facebook Pixel for analytics and marketing. Security measures include HTTPS, reCAPTCHA, and cookie consent mechanisms, though some security headers are missing. The domain registration is consistent with the business purpose and geographic location, supporting legitimacy. Overall, the site presents a professional and trustworthy digital presence with good content quality and user experience.

M

Motor Agency

motoragency.eu

40

Motor Agency is a specialized exhibition design and production company focused on museums, expos, and showrooms. They integrate multimedia and virtual reality technologies to create immersive educational and entertainment experiences. Their market position is that of a niche service provider with recognized awards and partnerships in the cultural sector. The website reflects a professional and consistent brand image targeting cultural institutions and educational organizations primarily in Estonia and Europe. Technically, the site uses Concrete CMS with modern frameworks like Bootstrap 5 and includes multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, and LinkedIn Insight Tag. The site is mobile optimized and has good SEO practices but lacks visible privacy and cookie policies, which is a compliance gap. Security posture is decent with HTTPS enforced but missing security headers and formal security policies. Overall, the domain registration data is consistent and trustworthy, supporting the legitimacy of the business.

E

Eesti kaevandusmuuseum

kaevandusmuuseum.ee

44

Eesti Kaevandusmuuseum is a specialized museum and adventure tourism business located in Estonia, offering unique underground mining experiences, safaris, educational programs, and event hosting. The website is professionally designed using WordPress with WooCommerce and booking plugins, supporting multiple languages and providing rich content about their services and events. The technical infrastructure is modern and includes integration with Google Tag Manager and Facebook SDK for marketing and analytics, although Google Analytics is not fully configured. Security posture is solid with HTTPS enforced and cookie consent implemented, but could be improved with additional security headers and explicit incident response policies. Overall, the website reflects a credible and trustworthy business with a good digital presence.

Z

Zone Media OÜ

teletorn.ee

43

Tallinna Teletorn is a prominent Estonian tourism and hospitality business operating the highest open viewing platform in Northern Europe. The website presents a professional and engaging digital presence, offering ticket sales, event hosting, educational programs, and restaurant services. The company targets tourists, families, and educational groups, positioning itself as a key cultural landmark in Tallinn. Technically, the site is built on WordPress with modern plugins for SEO, multilingual support, and social media integration, delivering a good user experience with responsive design and multimedia content. Security posture is solid with HTTPS, cookie consent, and anti-spam measures, though explicit security policies and headers could be improved. Overall, the business demonstrates credibility and digital maturity with room for enhanced privacy compliance and security transparency.

T

Tallinna Loomaaed

tallinnzoo.ee

41

Tallinna Loomaaed operates as a well-established public zoo in Estonia, offering extensive animal collections, educational programs, and conservation efforts. The website reflects a mature digital presence with multilingual support, clear navigation, and comprehensive content targeting families, educators, and conservationists. Technically, the site is built on WordPress with WooCommerce for ticketing, integrating modern analytics and marketing tools while maintaining good performance and accessibility standards. Security posture is strong with HTTPS enforced and no evident vulnerabilities, though explicit security policies and vulnerability disclosure mechanisms are absent. Overall, the domain registration and website content align well, indicating a trustworthy and legitimate organization.

E

Eesti Tervisemuuseum

tervishoiumuuseum.ee

43

Eesti Tervisemuuseum is a small, non-profit educational museum based in Tallinn, Estonia, focused on health and the human body. The museum offers a variety of services including exhibitions, educational programs, workshops, event hosting, and a podcast. It targets a broad audience including children, families, and adults interested in health education. The website is professionally designed with consistent branding and rich content, supporting multiple languages (Estonian, Russian, English). The museum maintains a clear online presence with social media channels and provides accessible contact information. Technically, the site is built on WordPress with WooCommerce and uses modern web technologies and SEO best practices. The hosting and domain registration are consistent with the museum's Estonian identity.

L

Læsø Museum

laesoe-museum.dk

48

Læsø Museum is a small, state-recognized local museum established in 1938, dedicated to preserving and showcasing the cultural heritage of Læsø, Denmark. The museum operates multiple departments and offers exhibitions, guided tours, and visitor services including a shop and café. The website reflects a well-structured and content-rich platform targeting visitors interested in local history and culture. Technically, the site uses modern JavaScript libraries, Google Analytics for tracking, and is hosted with assets served from a CDN, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enforced and cookie consent implemented, but lacks advanced security headers and published privacy or security policies. The absence of WHOIS data reduces domain trustworthiness, but the website content and contact information appear legitimate and consistent with the museum's profile. Overall, the site scores well in business credibility and user experience but should improve privacy transparency and security practices.

E

Eesti Ajaloomuuseum SA

ajaloomuuseum.ee

41

Eesti Ajaloomuuseum SA operates as a leading historical museum in Estonia, providing cultural and educational services through multiple exhibition venues including the Film Museum, Theatre and Music Museum, Great Guild Hall, and Maarjamäe Castle. The website targets museum visitors, families, and cultural tourists, offering detailed information on exhibitions, events, and visitor planning. The business model is public/governmental, focusing on cultural preservation and education with a medium organizational size and established presence since 2010. Technically, the website is built on the Voog CMS platform, hosted by Zone Media OÜ, and employs modern web standards with good mobile optimization and accessibility features. Security posture is solid with HTTPS enforced and cookie consent implemented, though lacking advanced security headers and explicit incident response contacts. Overall, the site is professional, trustworthy, and compliant with GDPR requirements, though improvements in security policies and vulnerability disclosure would enhance trust further.

S

SA Eesti Meremuuseum

meremuuseum.ee

46

Eesti Meremuuseum is a well-established maritime museum organization in Estonia, operating multiple museum sites and offering a range of cultural, educational, and research services related to maritime heritage. The website reflects a professional and consistent brand presence, targeting museum visitors, educators, researchers, and maritime enthusiasts. The business model is that of a government or non-profit cultural institution with a medium organizational size and a history dating back to at least 2010. Technically, the website is built on WordPress with modern frameworks like Bootstrap and uses performance optimization tools such as WP Rocket. It integrates Google Analytics and Tag Manager for analytics and tracking, and employs Google reCAPTCHA for form security. Security posture is strong with HTTPS enforced and no visible vulnerabilities, although some security headers could be improved. Privacy and cookie policies are present and GDPR compliant, with clear contact information provided. Overall, the website is trustworthy, well-structured, and provides a good user experience.

LA-Studio is a small technology business specializing in the development and sale of WordPress themes, targeting WordPress users and developers seeking high-quality themes. The company leverages popular marketplaces such as ThemeForest to distribute its products and provides customer support via a dedicated support portal. The website demonstrates a good level of professionalism with consistent branding, customer testimonials, and active social media presence, positioning itself as a niche player in the WordPress theme market. Technically, the website is built on WordPress 5.9.7 using Elementor and Slider Revolution plugins, with jQuery as a JavaScript library. The site is hosted with DNS managed by Cloudflare and registered via GoDaddy, using HTTPS with a valid SSL certificate. Performance and mobile optimization are moderate to good, though accessibility features are basic. SEO is adequately addressed with proper meta tags and structured data. From a security perspective, the site benefits from HTTPS and domain registration protections but lacks DNSSEC and security headers such as CSP or HSTS. No explicit privacy, cookie, or security policies are present, which may impact compliance with GDPR and other regulations. The use of Google reCAPTCHA helps mitigate bot traffic. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website presents a moderate risk profile with room for improvement in privacy compliance and security best practices. Strategic enhancements in these areas would strengthen trust and regulatory adherence.

U

UÜ Granaat

granaat.ee

40

UÜ Granaat is a small Estonian technology company specializing in creating sales-enhancing websites and e-commerce stores on the Voog platform. Established in 2010, the company leverages over 15 years of experience to deliver tailored web solutions aimed at helping small businesses achieve their goals. Their market position is strengthened by their official partnership with Voog and a strong portfolio of satisfied clients, as evidenced by numerous positive testimonials. Technically, the website is built using modern frameworks such as Next.js and React, styled with Tailwind CSS, and optimized for fast performance and excellent mobile responsiveness. Hosting and domain registration are consistent and managed by Elkdata OÜ, further supporting the company's legitimacy. The site integrates Google Analytics via Google Tag Manager and uses Calendly for scheduling client calls. From a security perspective, the site enforces HTTPS and employs secure form handling, but lacks explicit security headers and published security policies. Privacy compliance is limited due to the absence of privacy and cookie policies, which presents a compliance risk under GDPR. No critical vulnerabilities or exposed sensitive data were detected. Overall, UÜ Granaat presents a professional and trustworthy web presence with solid technical foundations and business credibility. However, to enhance compliance and security posture, the company should publish privacy and cookie policies, implement consent mechanisms, and add recommended security headers.

M

MIXD meediaagentuur

mixd.ee

44

MIXD meediaagentuur is a small Estonian digital marketing agency specializing in digital media solutions, SEO, and conversion rate optimization to help brands grow sales and meet profit goals. The company presents a professional and well-structured website built on WordPress, leveraging modern SEO and analytics tools such as Rank Math and Google Tag Manager. The technical infrastructure is solid with HTTPS enabled and asynchronous loading of scripts, though performance is moderate and accessibility is basic. Security posture is generally good with no exposed sensitive data, but lacks advanced security headers and incident response mechanisms. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the website is trustworthy and credible but would benefit from enhanced privacy and security practices.

H

häk agency

hak.ee

42

häk agency is a strategic design and digital agency based in Estonia, founded in 2018. The company offers comprehensive services including branding, web environments, and advertising, serving over 500 satisfied clients. Their market position is strong, supported by client testimonials, awards, and certifications that enhance their credibility. The website is professionally designed, well-structured, and optimized for SEO and mobile devices, reflecting a mature digital presence. Technically, the site runs on WordPress with modern tools such as Gravity Forms, Google Tag Manager, and Facebook Pixel, indicating a robust infrastructure. Security posture is good with HTTPS, reCAPTCHA, and cookie consent mechanisms in place, although explicit security policies and incident response contacts are not published. Overall, the website and business demonstrate high professionalism and trustworthiness, with minor recommendations to enhance security headers and publish security policies.

The website ve350.com is currently inaccessible due to a Cloudflare 520 error, indicating an unknown issue between Cloudflare's edge network and the origin web server. This prevents any meaningful content or business information from being accessed or analyzed. The domain WHOIS data shows a creation date in the future (May 28, 2025), which is inconsistent with the current date and raises questions about the domain's legitimacy or data accuracy. No privacy, cookie, or terms of service policies are present, and no contact or business details are available on the site. Technically, the site uses Cloudflare as a CDN and WAF, but the origin server is misconfigured or down, resulting in poor performance and accessibility. Security posture is weak with no visible security headers or SSL configuration details. Overall, the site scores very low on content quality, technical implementation, security, privacy compliance, and business credibility due to the blocked content and lack of information.

D

Dirty Rigger™

dirtyrigger.co.uk

45

Dirty Rigger™ is a UK-based company specializing in manufacturing and retailing rugged personal protective equipment (PPE) such as gloves, tool bags, belts, and accessories tailored for professional riggers and tradespeople. Established in 2010 and operating under the parent company The Le Mark Group, the company positions itself as a niche leader in the rigging and trade gear market. Their website reflects a focused e-commerce business model targeting professionals requiring durable and reliable work gear. Technically, the website is built on WordPress using Elementor and Yoast SEO, indicating a modern and maintainable digital infrastructure. The site is hosted likely with SiteGround and uses Ionos SE as the domain registrar. The website demonstrates good SEO practices, mobile optimization, and moderate performance. Security-wise, the site enforces HTTPS, uses Google reCAPTCHA for bot protection, and implements a comprehensive cookie consent mechanism with detailed user controls. However, it lacks explicit security policies, incident response information, and vulnerability disclosure mechanisms, which are areas for improvement. Overall, the site is professional, trustworthy, and compliant with basic privacy standards, but could enhance transparency and security posture further.

U

UAB „IPF Digital Lietuva“

credit24.lt

48

Credit24.lt is a Lithuanian online financial services provider specializing in fast consumer loans and credit lines up to 5,000 EUR with quick approval times of approximately 15 minutes. The company operates under UAB „IPF Digital Lietuva“ and is part of the IPF Digital Group LTD, with a strong presence in the Baltic region and other international markets. The website is professionally designed, mobile-optimized, and provides clear information about loan products, terms, and customer support channels. Technically, the site uses modern web technologies including React, Google Tag Manager, and integrates multiple analytics and advertising platforms. Security posture is strong with HTTPS enforced, security headers present, and no visible vulnerabilities. Privacy compliance is well addressed with cookie consent mechanisms and comprehensive privacy policies in Lithuanian. Overall, Credit24.lt presents a credible, trustworthy, and user-friendly platform for consumers seeking quick financial solutions.

T

Tervise Arengu Instituut

tai.ee

48

Tervise Arengu Instituut (TAI) is a leading Estonian national research and development institution focused on public health, disease prevention, and health promotion. The website reflects a well-established government-affiliated organization with a strong market position in healthcare research and public health services. It offers extensive resources including research publications, statistics, training events, and health registries, targeting health professionals, policymakers, and the general public. The site is professionally designed, content-rich, and well-structured, supporting multiple languages with a focus on Estonian.

U

URRAM

lugeja.ee

47

URRAM is a specialized Estonian library portal that provides users with access to a wide range of library catalogs, articles, and library information. It integrates with national authentication services such as ID-card, Mobile-ID, and Smart-ID, enabling secure user login and management of library services like reservations and loans. The platform targets library users across Estonia, including students, researchers, and the general public, positioning itself as a key national resource in the education and public service sectors. Technically, the website employs a modern frontend stack including Bootstrap 4.4.1, jQuery 3.4.1, and various Bootstrap extensions for UI components and date pickers. It uses Google Analytics for user tracking but lacks visible cookie consent mechanisms. The site is mobile responsive and offers a good user experience with clear navigation and search functionalities. However, some technical improvements are recommended, such as updating JavaScript libraries and enhancing accessibility. From a security perspective, the site enforces HTTPS and uses secure national eID authentication methods, which are strong trust signals. However, the absence of security headers and the use of an outdated jQuery version present potential vulnerabilities. The lack of explicit privacy and cookie policies also indicates compliance gaps with GDPR requirements. Overall, URRAM is a moderately mature digital platform with a solid business credibility in the Estonian library ecosystem. Strategic improvements in privacy compliance, security headers, and library technology updates would enhance its security posture and user trust.

M

Meelis Lilbok, Deltmar OÜ

raamatukogud.ee

43

The website www.raamatukogud.ee offers a specialized real-time service that tracks library borrowings across Estonia, providing live updates on checkouts, returns, and renewals. It targets library users and professionals interested in library activity data, positioning itself as a niche information service within the Estonian education sector. The business is operated by Deltmar OÜ, with clear branding and consistent content focused on library statistics and mapping. Technically, the site employs a modern JavaScript stack including jQuery, Google Maps API, Google Charts, and integrates social media and analytics tools. The site is mobile-optimized and performs moderately well, though accessibility features are basic. Security posture is good with HTTPS enforced and no exposed sensitive data, but lacks security headers and formal policies. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the site is legitimate and trustworthy but would benefit from enhanced compliance and security practices.

W

Webware

webware.ee

46

Webware OÜ is an established Estonian technology company specializing in comprehensive and flexible information and document management solutions through its flagship platform, WebDesktop. With over 23 years of experience, Webware serves a broad client base including major organizations in Estonia and Northern Europe, positioning itself as a market leader in the info management sector. The company offers a range of services including software analysis, development, hosting, training, and workflow and risk management, targeting both private and public sector organizations. The website reflects a mature digital presence with professional design, clear navigation, and multilingual support.

I

INHUS Prefab, UAB

inhusprefab.eu

45

INHUS Prefab, UAB is a medium-sized manufacturing company specializing in prefabricated reinforced concrete structures and architectural concrete facade elements. Operating primarily in Lithuania with projects extending to Nordic countries and the UK, the company positions itself as a reliable regional player in the construction sector. Their website reflects a professional digital presence with clear navigation, multilingual support, and a portfolio of completed projects. Technically, the site uses modern web technologies including HTML5, CSS, JavaScript, and integrates Google Analytics for user tracking. The site is mobile optimized and performs moderately well. Security posture is adequate with HTTPS enforced but lacks advanced security headers and public security policies. Privacy compliance is addressed with a clear privacy policy and cookie consent mechanism, aligning with GDPR requirements. Contact information is transparent and includes company email, phone, and physical address. Overall, the website demonstrates good business credibility and digital maturity with room for security enhancements.

O

OÜ Kultuurinet

kultuurikava.ee

40

Kultuurikava.ee is an Estonian cultural event listing platform operated by OÜ Kultuurinet, established in 2012. It serves as a guide to cultural happenings in Estonia, targeting local residents and visitors interested in arts and events. The platform offers event search and filtering capabilities and maintains a consistent brand presence with a professional website design. The business operates in the media sector with a niche focus on cultural events. Technically, the website leverages modern web technologies including React, Font Awesome, Leaflet.js for mapping, and integrates analytics tools such as Google Analytics and Facebook SDK. The hosting is provided by Zone Media OÜ, a known Estonian hosting provider. The site is mobile-optimized with good user experience and basic SEO and accessibility features. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks visible security headers and a cookie consent mechanism despite using tracking scripts, which indicates room for improvement in privacy compliance and security best practices. No critical vulnerabilities or suspicious indicators were found. Overall, Kultuurikava.ee presents a moderate risk profile with good business credibility and technical implementation. Strategic improvements in privacy compliance and security headers would enhance trust and regulatory adherence.