High-risk security reports

V

Vana-Võidu Autokeskus OÜ

vvautokeskus.ee

40

Vana-Võidu Autokeskus OÜ is a small Estonian automotive service company established in 1996, specializing in car repair, maintenance, tire services, and trailer repair and sales. The company operates locally near Viljandi and targets vehicle owners requiring these services. The website is built on the Voog CMS platform, leveraging modern JavaScript libraries and Google Analytics for tracking. The site is mobile-optimized with good design and navigation, providing clear business and contact information. Security posture is adequate with HTTPS enabled but lacks advanced security headers and formal security policies. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the website is functional and professional but could improve in privacy and security transparency.

P

PoolQ OÜ

poolq.ee

38

PoolQ OÜ is a small Estonian company specializing in the sale, maintenance, repair, and rental of Tiki and Respo trailers, as well as automotive locksmith and repair services for cars and small vans. The company operates primarily in Pärnu and is an official Autoasi representative, positioning itself as a local trusted service provider in the transportation sector. The website reflects a focused business model targeting vehicle owners and businesses requiring trailer and vehicle services. Technically, the website is built on WordPress with common plugins and libraries such as jQuery and Bootstrap, offering moderate performance and good mobile responsiveness. Security posture is adequate with HTTPS enabled and no visible vulnerabilities, but lacks advanced security headers and formal privacy or cookie policies, indicating room for compliance improvement. Overall, the site is professional and trustworthy but would benefit from enhanced privacy compliance and security best practices.

E

Elkdata OÜ

boatworld.ee

40

BoatWorld, operated by Elkdata OÜ, is an established Estonian business specializing in the sale of boats, motors, and related marine equipment, complemented by workshop services and financing options. The website is built on a modern WordPress WooCommerce platform, leveraging performance optimizations and structured data to enhance user experience and SEO. The business targets consumers and businesses interested in marine and motorized recreational vehicles within Estonia and the Baltic region. The domain age and WHOIS data confirm a legitimate and consistent business presence since 2010. Security posture is solid with HTTPS and some security best practices, though explicit security policies and incident response contacts are absent. Privacy compliance is limited due to missing privacy and cookie policies. Overall, the website is professional, functional, and trustworthy but would benefit from enhanced privacy and security transparency.

M

Motohoov

motohoov.ee

41

Motohoov is a small Estonian business specializing in motorcycle gear, stylish riding apparel, and maintenance services. Established in 2010, it operates a WordPress-based website that serves as a digital storefront and information portal for motorcycle enthusiasts in Estonia. The website is well-structured with good SEO practices and provides a cookie consent mechanism compliant with GDPR regulations. The business targets local motorcycle riders and offers key services including retail sales, spare parts ordering, and servicing. The site integrates Google Analytics for visitor tracking and uses modern web technologies such as Elementor and Yoast SEO plugins.

Z

Zone Media OÜ

tooriistamarket.ee

48

Tooriistamarket.ee is a well-established Estonian retail business specializing in tools, workwear, chemicals, and related equipment, serving both professional tradespeople and general consumers. Founded in 2010 and operated by Zone Media OÜ, the company combines e-commerce with physical retail locations, offering a broad product range and additional services such as tool rental and installment payment options. The website is professionally designed with clear navigation and good mobile optimization, reflecting a mature digital presence. Technically, the site is built on the Magento platform, leveraging modern JavaScript libraries and third-party marketing and analytics tools including Google Analytics, Facebook Pixel, and TikTok Pixel. The infrastructure is hosted and registered by Zone Media OÜ, ensuring consistency and control over the domain and hosting environment. Performance is moderate with room for optimization, and SEO practices are well implemented. Security posture is strong with HTTPS enforced, CSRF protections, and GDPR-compliant cookie consent mechanisms. However, explicit security headers like X-Frame-Options and Content Security Policy could be improved. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is good, with a comprehensive privacy policy and cookie management, though incident response and security policy disclosures are absent. Overall, the website presents a low-risk profile with strong business credibility and technical maturity. Strategic recommendations include enhancing security headers, publishing a security policy and incident response contacts, and maintaining regular audits of third-party scripts to sustain security and compliance.

P

Paadilaenutus OÜ

paadirent.ee

41

Paadilaenutus OÜ is a small Estonian company specializing in boat rentals, sales, and maintenance, with additional offerings in waste container sales and guided nature excursions. The company has a solid local market position with partnerships with Latvian boat manufacturers and a focus on nature tourism along the Emajõgi river. The website content is informative but presented with outdated design and technical infrastructure, lacking modern web standards and mobile optimization. Security posture is weak, with no HTTPS enforcement, missing security headers, and absence of privacy or cookie policies, exposing the site to compliance and security risks. Overall, the site is functional but requires significant improvements in security, privacy compliance, and technical modernization to enhance trust and user experience.

A

Atlante OÜ

atlante.ee

43

Atlante OÜ operates the Atlante Autokeskus website, providing a comprehensive range of vehicle-related services in Tartu, Estonia, including vehicle sales, rentals, maintenance, and repair. The company has a well-established presence since 2003 and offers additional services such as office space rental and cooperation with insurance companies. The website is built on WordPress with WooCommerce, employing modern plugins and technologies to deliver a functional and visually appealing user experience. While the site is well-structured and mobile-optimized, it lacks explicit privacy and terms of service policies, which are critical for compliance and user trust. Security posture is generally good with HTTPS and reCAPTCHA integration, but could be improved by adding security headers and formal security policies. Overall, the domain registration is consistent and trustworthy, supporting the legitimacy of the business.

The website saaremaavald.ee is currently inaccessible due to a Cloudflare Turnstile human verification challenge page, which blocks direct content access. The domain is registered since 2014 with an Estonian registrar, indicating a stable registration history. However, no business or contact information, privacy policies, or terms of service are visible on the landing page. The technical infrastructure relies heavily on Cloudflare services for security and performance, but no additional technologies or CMS platforms are detectable. The security posture cannot be fully assessed due to the content block, but the presence of Cloudflare indicates some level of protection. Overall, the website lacks visible content and compliance indicators, resulting in a low AI score and limited ability to analyze business credibility or privacy compliance.

LEADELL Pilv is a well-established Baltic law firm network providing comprehensive legal services to business clients across Estonia, Latvia, and Lithuania. The firm specializes in a broad range of legal sectors including tax, administrative law, real estate, mergers and acquisitions, healthcare, IT, dispute resolution, business law, and finance. The website reflects a professional and consistent brand image with good content quality and clear navigation, targeting business clients in the Baltic region. Technically, the site is built on WordPress with modern analytics and SEO tools, showing moderate performance and good mobile optimization. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though explicit security headers and policies are absent. Privacy compliance is partial, with a consent mechanism present but no explicit privacy or cookie policy pages found. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

S

Saimaa Group Oy

saimaagroup.fi

49

Saimaa Group Oy is Finland’s largest industrial insulation and scaffolding group, providing specialized services locally and internationally. The company operates through subsidiaries such as Arme and Kymsol, offering comprehensive contracting and digital solutions to ensure efficient and safe worksite operations. Their market position is strong within the manufacturing sector, supported by multiple branch locations and a flexible contract model tailored to customer needs. Technically, the website is built on WordPress with the Divi theme and several modern plugins, hosted on Microsoft Azure DNS infrastructure, reflecting a moderate level of digital maturity. Security posture is generally good with HTTPS enabled and cookie consent implemented, though there is room for improvement in DNSSEC adoption and explicit security policies. Privacy compliance is basic, lacking a dedicated privacy policy page, which is a notable gap. Overall, the website and domain registration data indicate a legitimate and professional business with a solid online presence.

T

TKM Grupp AS

tkmgroup.ee

45

TKM Grupp AS is a leading Estonian retail and wholesale group with a significant market share, employing over 4700 people and operating a large loyalty program with more than 750,000 customers. The group has a strong market position, recognized by multiple awards for competitiveness and led by experienced management. The website reflects a mature digital presence built on WordPress with modern SEO and analytics tools integrated. Security posture is strong with HTTPS and security headers implemented, though cookie consent and explicit contact details could be improved. Overall, the site is professional and trustworthy, supporting the company's business credibility and market leadership.

B

Baltresto

baltresto.se

45

Baltresto is a Swedish-based manufacturer and retailer specializing in high-quality hot tubs and saunas, offering a diverse product range including wood and fiberglass models with advanced features. The company operates a professional e-commerce platform built on WordPress and WooCommerce, targeting consumers seeking private garden spa solutions. The website demonstrates a solid technical infrastructure with modern plugins and integrations such as Google Tag Manager and Trustpilot, supporting marketing and customer trust. Security posture is adequate with HTTPS enabled and no obvious vulnerabilities, though improvements in security headers and explicit policies are recommended. Overall, Baltresto presents a credible and professional online presence with room for enhanced privacy compliance and security transparency.

F

Fispars Oy

fispars.fi

46

Fispars Oy is a Finnish company specializing in the manufacture and sale of hot tubs and barrel saunas, primarily targeting the Finnish market. The company emphasizes product durability, affordability, and high quality, with manufacturing operations based in Estonia. Their e-commerce website is professionally designed, offering a comprehensive product catalog with clear pricing and detailed descriptions. The site is built on WordPress with WooCommerce, leveraging modern web technologies and SEO best practices to ensure good performance and user experience. Social media presence and customer reviews via Trustpilot enhance their market credibility. Security measures such as HTTPS, security headers, and cookie consent mechanisms are properly implemented, reflecting a mature security posture. Overall, the website and business demonstrate high legitimacy and professionalism, with transparent company information and consistent domain registration data.

B

Baltresto

baltresto.fr

43

Baltresto is a European manufacturer specializing in outdoor saunas and Nordic hot tubs, with a strong presence in France and other European markets. The company emphasizes high-quality, durable, and affordable products, targeting consumers seeking private spa solutions for their gardens. Their e-commerce platform is built on WordPress with WooCommerce, offering a well-structured product catalog and integration with customer trust services like Trustpilot. The website is professionally designed, mobile-optimized, and SEO-friendly, supporting a positive user experience. Security posture is good with HTTPS and basic security practices, though there is room for improvement in security headers and incident response transparency. Privacy compliance is addressed with cookie consent and a privacy policy, but lacks explicit GDPR details and a dedicated data protection officer contact. Overall, Baltresto presents a credible and trustworthy online presence aligned with its business claims.

B

Baltresto Deutschland

baltresto.de

47

Baltresto Deutschland is a specialized retailer and manufacturer of garden wellness products, including high-quality hot tubs and saunas, primarily serving the German market. The company emphasizes durability, quality, and customer satisfaction, offering a broad product range with customization options. Their digital presence is built on a WordPress WooCommerce platform, enhanced with performance and SEO optimizations. The website is professionally designed, mobile-optimized, and integrates trust signals such as customer reviews and structured data. Security posture is good with HTTPS and some security best practices, though additional headers and explicit security policies could improve it further. Privacy compliance is addressed with visible privacy and cookie policies and consent mechanisms. Overall, the site reflects a credible and trustworthy business with a solid e-commerce infrastructure.

E

Elkdata OÜ

wirumill.ee

45

Wiru Mill is an Estonian-based e-commerce business specializing in organic and specialty food products such as crispbreads and organic olive oil. The website is built on WordPress with WooCommerce, targeting consumers interested in healthy and organic food options. The business appears to be small and relatively new, founded in 2023, with hosting and domain registration managed by Elkdata OÜ, indicating a consistent and legitimate setup. Technically, the website uses modern web technologies including Google Analytics and AdSense for tracking and monetization, and WPBakery for page building. The site is mobile optimized and has a good design and user experience, although accessibility and SEO could be improved. Security posture is adequate with HTTPS enabled and no obvious vulnerabilities, but lacks advanced security headers and formal security policies. Privacy compliance is weak due to the absence of privacy and cookie policies and consent mechanisms. Overall, the website is functional and professional but would benefit from enhanced privacy and security practices to improve trust and compliance.

Viva.ua is a Ukrainian online media publication focused on show business, celebrity news, culture, and entertainment. It targets Ukrainian-speaking audiences interested in the latest news and exclusive content about stars and cultural events. The website features a variety of content including news articles, interviews, event coverage, and fashion and beauty topics. It operates primarily on an advertising revenue model, leveraging multiple ad networks and tracking services. Technically, the site uses modern web technologies including Google Analytics, Google Tag Manager, Facebook SDK, and header bidding for ads. The site is served over HTTPS with a good security posture, including CSRF tokens and asynchronous script loading. However, it lacks explicit privacy and cookie policies and does not provide clear contact information for business or security inquiries, which impacts its privacy compliance score. Overall, the site is professionally designed with good navigation and content quality, but could improve transparency and compliance aspects.

The website www.bolasport.com is currently inaccessible due to a CloudFront Web Application Firewall (WAF) blocking the request with a 403 error. This prevents any content retrieval or analysis of the site's metadata, scripts, or business information. The WHOIS lookup for the domain returned no registration data, indicating the domain may be unregistered, expired, or protected by privacy mechanisms that restrict WHOIS access. Consequently, no registrant or registrar information is available to verify the domain's legitimacy or business claims. The lack of accessible content and WHOIS data severely limits the ability to assess the website's business model, technical infrastructure, or security posture. The site shows no evidence of privacy policies, cookie consent mechanisms, contact information, or security best practices. Overall, the domain and website present significant trust and legitimacy concerns due to the absence of verifiable data and active blocking by security mechanisms.

Г

ГОРДОН

gordonua.com

45

ГОРДОН is a Ukrainian media company operating an online news portal providing up-to-date news, exclusive interviews, and multimedia content focused on Ukraine and global events. The website targets Ukrainian-speaking audiences interested in politics, war, culture, and current affairs. It maintains a strong market position as a recognized news source with a medium-sized operation founded in 2013. The business model relies on advertising revenue and mobile app distribution. Technically, the site uses a mix of modern and legacy technologies, including Google Analytics, Google Tag Manager, Facebook Pixel, and Cloudflare DNS services. The site is mobile-optimized and SEO-friendly but uses an outdated jQuery version and lacks some security headers. Security posture is moderate with HTTPS enforced but missing DNSSEC and some headers. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the site is professional and trustworthy but can improve security and privacy practices.

C

Just a moment...

citrus.ua

47

The website www.ctrs.com.ua is currently inaccessible due to a Cloudflare Turnstile CAPTCHA challenge page that blocks direct access to its content. As a result, no business information, contact details, or policies are available for analysis. The site appears to be protected by Cloudflare's security mechanisms, which prevent automated scraping and analysis. Without access to the actual website content, it is not possible to assess the company's market position, services, or technical infrastructure. The security posture cannot be evaluated beyond the presence of Cloudflare's WAF and CAPTCHA protection. Overall, the site is currently in a blocked state, limiting any meaningful security or compliance assessment.

The International Society for Ethnology and Folklore (SIEF) is a well-established academic non-profit organization that fosters collaboration among scholars in European Ethnology, Folklore Studies, and Cultural Anthropology. The website serves as a hub for information on congresses, working groups, publications, and membership, targeting an academic audience. The organization maintains a consistent brand presence and offers comprehensive content relevant to its community. Technically, the site employs a mature technology stack including Bootstrap, jQuery, Google Analytics, and cookie consent mechanisms, hosted likely by NomadIT. Security posture is good with HTTPS enforced and cookie consent implemented, though some security headers could be improved and the use of an outdated jQuery version presents a minor risk. WHOIS data is unavailable, which slightly impacts domain trust but is not uncommon for non-profits. Overall, the site is professional, accessible, and trustworthy with room for technical and security enhancements.

C

Certia Oy

nefk2025.fi

43

The website nefk2025.fi represents the 36th Nordic Ethnology and Folklore Conference scheduled for June 2025 in Turku, Finland. The event is organized by Certia Oy in partnership with Åbo Akademi University and Turku University, targeting Nordic scholars and researchers interested in ethnology, folklore, and cultural studies. The site provides comprehensive information about the conference theme, programme, important dates, and practical details, supporting a niche academic audience. Technically, the site is built on WordPress using WPBakery Page Builder and integrates standard SEO and analytics tools. It is hosted by Louhi Net Oy with a valid SSL certificate ensuring secure HTTPS access. Security posture is good with cookie consent mechanisms and no visible vulnerabilities, though security headers could be improved. The WHOIS data is transparent and consistent with the business purpose, enhancing trust. Overall, the site is professional, well-structured, and compliant with privacy regulations.

H

Holstre Külaselts

holstre.ee

40

Holstre Külaselts is a local community association representing the village of Holstre in Viljandi County, Estonia. The website serves as an informational portal providing news, cultural heritage trail details, local projects, and community events. The organization appears to be a small non-profit entity focused on promoting local culture and community engagement. The website is built on WordPress using the Astra theme and Elementor page builder, incorporating modern web technologies and plugins such as Google Analytics and 360-degree image viewers. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content for its target audience. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks advanced security headers and formal security policies. Privacy compliance is minimal, with no visible privacy or cookie policies, which is a gap for GDPR compliance. Overall, the website is trustworthy and professionally maintained but could improve in privacy and security transparency.

Netbox Finland Oy is a Finnish technology company specializing in electronic invoicing, banking connection services, EDI, and company data solutions. The company positions itself as a customer-centric digital services provider offering comprehensive integration and data management services through a single interface. Their market focus includes both private and public sector organizations seeking efficient digital transaction and data solutions. The website reflects a professional and consistent brand image with clear service offerings and customer testimonials. Technically, the website is built on WordPress with modern web technologies including Google Fonts, Libre Form plugin for contact forms, and tracking scripts such as Leadfeeder and Google Tag Manager. The site is mobile-optimized, accessible, and SEO-friendly, with a moderate performance profile. Security best practices are observed with HTTPS enforcement and cookie consent mechanisms, though explicit security policies and incident response contacts are not published. The security posture is strong with no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent banner. The WHOIS data confirms the legitimacy of the domain and its alignment with the business entity. Overall, the website demonstrates a mature digital presence with good security and privacy practices. Strategically, the company should consider publishing explicit security policies and incident response information, implementing security.txt for vulnerability disclosures, and enhancing security headers to further strengthen their security posture and trustworthiness.

The website rik.ee is currently inaccessible due to a Cloudflare security challenge page that requires human verification via Turnstile captcha. This prevents access to any substantive content or business information. The domain is registered since 2010 to Elkdata OÜ, an Estonian registrar, indicating a legitimate and stable registration. However, no privacy policies, cookie notices, terms of service, contact information, or business descriptions are available on the accessible page. The technical infrastructure is heavily reliant on Cloudflare's security and analytics services, but no further technology stack or CMS details are discernible. Due to the content block, the website's security posture, privacy compliance, and business credibility cannot be properly assessed, resulting in a low overall AI score.

Merit Aktiva operates as a provider of accounting software solutions, targeting companies seeking simplified accounting processes. With over 40,000 companies relying on their software and 25 years of experience, the company holds a solid market position primarily in Estonia and neighboring countries. The business model centers on delivering easy-to-use accounting software combined with customer support, catering to small and medium-sized enterprises in the finance sector. Technically, the website employs legacy technologies such as Bootstrap 3.3.7 and jQuery 1.8.3, indicating a need for modernization to improve security and performance. The site is moderately optimized for mobile and accessibility but lacks advanced SEO and modern frameworks. No CMS or hosting details were identified, and performance is assessed as moderate. From a security perspective, the site lacks visible security headers and privacy-related policies, which are critical for GDPR compliance and user trust. There is no evidence of HTTPS enforcement or incident response mechanisms. The absence of contact information and security disclosures further limits transparency. However, the domain WHOIS data aligns well with the business claims, supporting legitimacy. Overall, the website presents a functional but basic digital presence with room for significant improvements in security posture, privacy compliance, and technical modernization. Strategic enhancements in these areas will strengthen trust, compliance, and user experience.

I

Inodia

inodia.fr

49

Inodia is a small regional digital agency based in Brittany, France, specializing in web design, SEO, and digital marketing services. The company targets local businesses and professionals in Lamballe, Rennes, and surrounding areas, offering tailored digital solutions to enhance online presence. The website is built on WordPress using Elementor and optimized with WPRocket, reflecting a modern and performant technical infrastructure. Privacy and cookie policies are well implemented with GDPR compliance and user consent mechanisms. Security posture is solid with HTTPS enforced and security headers present, though no explicit security policy or incident response information is published. The absence of WHOIS data limits domain trust assessment but the professional website and clear contact information support legitimacy. Overall, Inodia presents a credible and professional digital presence with room for improvement in transparency around security policies and domain registration details.

S

Semetron Ltd

mmh.ee

32

Golden Hour MMH is a specialized provider of rapid deployment mobile modular hospitals, offering a range of modular units transportable by air, sea, or land. The company targets healthcare providers, emergency responders, and government agencies, positioning itself as a niche manufacturer of modular medical solutions. The website reflects a professional and consistent brand presence with good content quality and clear navigation. Technically, the site is built on WordPress with Elementor and uses modern web technologies, providing a moderate performance and good mobile optimization. Security posture is strong with HTTPS and no obvious vulnerabilities, though security headers and incident response information are lacking. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the site is credible but could improve transparency and compliance aspects.

J

Jill Arcaro

jillarcaro.com

30

Jill Arcaro operates a specialized wellness and educational business focused on holistic therapies such as Thai Massage, Reiki, and Access Bars, complemented by educational travel experiences and an artisan retail store. The website is professionally designed using WordPress and WooCommerce, offering a good user experience with clear navigation and mobile optimization. Privacy and cookie policies are well implemented, indicating GDPR compliance. However, the absence of WHOIS registration data for the domain raises concerns about domain legitimacy and ownership transparency. Security posture is moderate with HTTPS enabled but lacks advanced security headers and incident response information. Overall, the site presents a credible business front but requires domain registration verification and enhanced security measures.

H

HARJU ELEKTER UAB

harjuelekter.lt

46

HARJU ELEKTER UAB is a Lithuanian contract manufacturing company specializing in engineering and production of multi-drive systems, power distribution, and prototyping services primarily for industrial and marine sectors. The company operates under the Harju Elekter Group and offers Engineer-To-Order, Make-To-Order, and Assemble-To-Order business models. Their market position is that of a specialized manufacturer with capabilities for fast marine class certification and full load testing. The website is professionally designed using WordPress with Cherry Framework and Bootstrap, featuring moderate performance and good mobile optimization. Security posture is solid with HTTPS enforced and no exposed sensitive data, though security headers and incident response information are lacking. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism. Overall, the site reflects a credible and established business with room for improvement in security and privacy transparency.

H

Harju Elekter

harjuelekter.se

39

Harju Elekter Sverige is a medium-sized business specializing in electrical distribution and electrification solutions, serving energy companies, industrial sectors, infrastructure projects, and large properties primarily in Sweden and the Nordic-Baltic region. The company is part of the larger Harju Elekter group headquartered in Estonia, with a well-established market presence since 2010. Their website reflects a professional and consistent brand image, showcasing key services such as prefabricated distribution stations, transformers, SCADA systems, and fiber cabinets. Technically, the site is built on WordPress using the Avada theme and incorporates modern SEO and marketing tools, including Google Tag Manager and Facebook Pixel. Security posture is adequate with HTTPS enforced and reCAPTCHA protecting forms, though improvements like DNSSEC and security headers are recommended. Privacy compliance is addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates a solid business credibility and digital maturity appropriate for its sector and size.

W

WhosOn

whoson.com

41

WhosOn is a UK-based technology company specializing in advanced live chat and AI-driven chatbot solutions tailored for enterprise businesses. Established in 2003, the company offers a comprehensive suite of services including live chat software, AI chatbots, help desk integration, analytics, and flexible deployment options such as on-premises and cloud hosting. Their market position is strong within the UK, supported by long-term operation and recognized certifications. The website reflects a professional and consistent brand image targeting large-scale, regulated industries requiring secure and scalable communication tools. Technically, the website employs a modern technology stack including jQuery, Bootstrap, Blazor WebAssembly, and FontAwesome, hosted on AWS infrastructure. The site is mobile-optimized with good SEO and accessibility basics, though some improvements could be made in accessibility and cookie consent mechanisms. Analytics are implemented via Statcounter and Google Tag Manager, indicating moderate user tracking. From a security perspective, the company demonstrates a solid posture with HTTPS enforcement, encryption, intrusion prevention, and data masking. Certifications such as Cyber Essentials and FSQS further reinforce trust. However, DNSSEC is not enabled, and security headers are not explicitly detected, suggesting room for enhancement. Incident response contact details and vulnerability disclosure policies are not publicly visible, which could be improved to strengthen transparency and readiness. Overall, WhosOn presents a credible, secure, and professional online presence with minor gaps in privacy compliance and security transparency. Strategic recommendations include enabling DNSSEC, implementing a visible cookie consent mechanism, publishing incident response contacts, and enhancing security headers to elevate trust and compliance.

XiBE is a Netherlands-based technology company offering a cloud-based ideas realization platform designed to facilitate employee collaboration in idea sharing, selection, and execution. The website presents a modern, user-friendly interface hosted on the Weebly platform, targeting organizations seeking to enhance bottom-up innovation. The platform emphasizes ease of use and community engagement, supported by client testimonials and logos from reputable organizations. Technically, the site employs standard web technologies including jQuery and Google Analytics, with moderate performance and mobile optimization. Security posture is adequate with HTTPS enabled, but lacks advanced security headers and visible privacy or cookie policies, which are critical for GDPR compliance. No contact information or incident response channels are provided, limiting transparency and user trust. Overall, the site is professional and credible but would benefit from enhanced privacy compliance and security best practices.

N

Neway

neway.ee

49

Neway is an award-winning brand and experience design agency based in Estonia, with a domain age consistent with its claimed business history since 2007. The company specializes in creating brands and experiences from strategy through execution, targeting businesses seeking high-quality creative services. The website showcases a professional portfolio with multimedia content and highlights multiple industry awards, positioning Neway as a reputable player in the creative agency market. Technically, the website uses modern JavaScript frameworks such as Vue.js, integrates multiple analytics and marketing tools, and is hosted by Zone Media OÜ. Security posture is strong with HTTPS enforced, reCAPTCHA on forms, and cookie consent implemented, though explicit security policies and incident response information are absent. Privacy compliance is partial due to missing privacy and terms of service pages. Overall, the website is professional, trustworthy, and technically sound, with room for improvement in privacy and security transparency.

V

Vanalinna Ehitus

vlrestaurering.se

40

Vanalinna Ehitus is a specialized restoration company focusing on the renovation of plastered facades and restoration of wooden windows and doors, particularly for culturally protected and historically valuable buildings. The company operates primarily in Sweden and emphasizes quality craftsmanship, flexibility, and preservation of architectural heritage. Their market position is that of a niche specialist serving clients who require expert restoration services for heritage properties. Technically, the website is built on WordPress with modern front-end technologies such as Bootstrap and jQuery, optimized for performance and mobile responsiveness. SEO practices are well implemented, and the site uses structured data to enhance search engine understanding. Hosting details are not explicit, but the domain is registered with Ascio and uses European name servers. From a security perspective, the site uses HTTPS with good SSL configuration but lacks DNSSEC and some recommended security headers. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic, with a privacy policy and cookie consent mechanism present, but no terms of service or explicit security policies. Contact information is clear and professional, enhancing business credibility. Overall, the website presents a professional and trustworthy image with a solid technical foundation and good content quality. The main areas for improvement include enhancing security headers, publishing a security policy, and improving privacy compliance details to align better with GDPR requirements.

The website weandthecolor.com is currently inaccessible due to a database connection error, resulting in no visible content or metadata for analysis. The domain is registered with IONOS SE since 2010, indicating a stable and legitimate registration history. However, the lack of accessible content prevents assessment of business operations, services, or compliance policies. Technically, the site shows no evidence of modern security headers or DNSSEC, and the SSL configuration could not be verified. The absence of privacy and cookie policies indicates non-compliance with GDPR and related regulations. Overall, the website's current state represents a critical operational and security risk that must be addressed promptly.

E

Etapes :

etapes.com

49

Étapes is a well-established French media company specializing in design, image, and visual communication since 1994. The website serves as a digital magazine platform offering editorial content, subscription services, event agendas, and job listings targeted at design professionals and enthusiasts. The company maintains a consistent brand presence across multiple social media platforms, reinforcing its market position as a reference media in its sector. Technically, the website is built on WordPress with WooCommerce integration for e-commerce capabilities, leveraging modern web technologies and SEO plugins to optimize content delivery and user experience. Security posture is adequate with HTTPS enabled and use of reCAPTCHA, but lacks visible security headers and explicit privacy and cookie policies, which are critical for compliance and trust. The absence of WHOIS registration data raises concerns about domain legitimacy, warranting further verification. Overall, the site is professional and functional but would benefit from enhanced transparency and security practices.

O

ooogo LLC.

ad110.com

26

AD110 is a non-profit project operated by ooogo LLC., focusing on art, design, creativity, and lifestyle content primarily targeted at design professionals and enthusiasts. The website offers curated articles, design resources, event coverage, and job listings within the creative industry. The platform positions itself as a niche media outlet with a long-standing presence since 2004, emphasizing open content sharing under Creative Commons licensing. Technically, the site is built using modern JavaScript frameworks such as Vue.js, with a custom CMS or proprietary platform, and includes advertising via Google Adsense. While the design and user experience are good, the site lacks HTTPS, security headers, and formal privacy or cookie policies, which impacts its security posture and privacy compliance. The domain is registered with GoDaddy and shows no suspicious WHOIS patterns, supporting its legitimacy. Overall, the site is functional and professional but requires significant improvements in security and privacy to meet modern standards.

A

Andevis

virosoft.ee

42

Andevis is an Estonian software development company specializing in integrated HR and payroll management solutions, including their flagship Virosoft HR system. The company targets businesses seeking tailored personnel accounting, work time tracking, payroll, training, and self-service portals. The website is professionally designed using WordPress and includes multiple contact forms secured with Google reCAPTCHA v2. The technical infrastructure is modern but lacks some advanced security headers. The domain is well-established since 2010 and registered with an Estonian registrar consistent with the business location. However, the site lacks visible privacy and cookie policies, which impacts compliance scores. Overall, the website presents a credible and professional business presence with room for improvement in privacy and security practices.

Connect.ge is a Georgian digital agency specializing in comprehensive web services including website development, UX/UI design, hosting, SEO, and digital marketing. Established in 2011, the company targets businesses seeking to enhance their online presence with professional and innovative digital solutions. Their market position is that of a trusted local provider with a strong portfolio and active social media presence. Technically, the website leverages modern frameworks such as Nuxt.js and Vue.js, ensuring fast performance and excellent mobile optimization. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. Privacy compliance is well addressed with detailed policies and GDPR alignment. Overall, Connect.ge presents a professional, trustworthy, and technically mature digital presence.

1

152 MEDIA

152media.com

49

152 MEDIA is a specialized AdTech company focused on delivering innovative programmatic advertising solutions for publishers and buyers. With over 14 years of experience, the company operates a dedicated development lab leveraging AI to enhance digital advertising profitability and campaign performance. The website reflects a mature business with a clear market position and a professional digital presence. Technically, the site is built on WordPress with modern frameworks and includes essential security features such as HTTPS and Google reCAPTCHA. Privacy compliance is addressed through a cookie consent mechanism and a privacy policy, though terms of service and security policies are not explicitly found. The security posture is solid but could be improved by adding security headers and formal incident response information. Overall, the website is trustworthy, well-maintained, and aligned with the business claims.

The domain hm.ee is registered to the Estonian Ministry of Education and Research, indicating a government-operated website focused on education and research sectors. However, the website content is currently inaccessible due to a Cloudflare Turnstile captcha security challenge, preventing direct analysis of the site's content, policies, or contact information. The technical infrastructure leverages Cloudflare for security and performance, but DNSSEC is not enabled, representing a minor security gap. The security posture is difficult to assess fully due to the blocked content, but the use of Cloudflare's WAF and captcha indicates a proactive approach to mitigating automated threats. Overall, the domain registration data is consistent and legitimate, reflecting a stable government entity. Strategic recommendations include enabling DNSSEC, publishing clear privacy and security policies, and ensuring accessibility without excessive security barriers to improve user experience and transparency.

E

Eesti Õpilasesinduste Liit

escu.ee

37

Eesti Õpilasesinduste Liit is the largest youth organization in Estonia representing approximately 90,000 students through its member schools. The organization focuses on advocating for student interests, organizing events, and providing resources to member schools. The website is built on WordPress using the Avada theme and integrates Gravity Forms for contact and application forms. It demonstrates a moderate level of digital maturity with good mobile optimization and SEO practices. Security posture is adequate with HTTPS enabled and spam prevention in forms, but lacks advanced security headers and DNSSEC. Privacy compliance is weak due to absence of explicit privacy and cookie policies. Overall, the website is professional and trustworthy, serving an essential role in the Estonian education sector.

M

MTÜ Noorteühing Tugiõpilaste Oma Ring Eestis

tore.ee

42

MTÜ Noorteühing Tugiõpilaste Oma Ring Eestis (TORE) is a well-established Estonian non-profit organization focused on youth peer support, mentoring, and training programs. The organization operates nationally with a history of nearly three decades, offering structured events such as summer and autumn schools, conferences, and supervision sessions. Their target audience includes Estonian students and their mentors, aiming to empower youth through systematic engagement and education. The website reflects this mission with relevant content, event announcements, and training information. Technically, the website is built on WordPress 6.8.1 with popular plugins like Yoast SEO and Modern Events Calendar Lite, indicating a mature digital infrastructure. The site uses HTTPS with a good SSL configuration, Google Fonts, and jQuery libraries. Performance is moderate with good mobile optimization and basic accessibility features. SEO is well addressed through meta tags and structured data. From a security perspective, the site enforces HTTPS and includes a cookie consent banner, demonstrating awareness of privacy compliance. However, it lacks explicit privacy and terms of service pages, security headers, and incident response contacts, which are areas for improvement. No WAF or blocking mechanisms were detected, and no vulnerabilities were apparent in the HTML content. Overall, the website is credible and professional, with strong business legitimacy and consistent branding. The main risks relate to privacy compliance and security best practices, which can be addressed to enhance trust and regulatory adherence.

T

Taimne Teisipäev | Sest elu on tähistamist väärt!

taimneteisipaev.ee

42

Taimne Teisipäev is a niche Estonian website dedicated to promoting healthier eating habits by encouraging more plant-based food consumption. The site targets health-conscious consumers interested in lifestyle changes towards plant-based diets. The business model appears to be informational and advocacy-focused, without direct e-commerce or transactional services. The website uses modern frontend technologies including Bootstrap and Nuxt.js, and integrates popular analytics and tracking tools such as Google Analytics and Facebook Pixel, indicating a moderate level of digital maturity. However, the absence of explicit privacy, cookie, and terms of service policies suggests gaps in compliance and transparency. Security posture is moderate with HTTPS usage implied, but lacks published security policies or incident response contacts. Overall, the domain registration is consistent and legitimate, supporting the website's credibility. Strategic improvements in privacy compliance and security transparency are recommended to enhance trust and regulatory adherence.

P

Peaasi.ee

peaasi.ee

48

Peaasi.ee is a well-established Estonian non-profit organization dedicated to supporting youth mental health through a comprehensive online portal. The website offers extensive mental health information, e-counseling services, first aid tools, and training programs aimed at improving mental wellbeing among Estonian youth and those working with them. The organization maintains a strong market position as a leading mental health resource in Estonia, supported by multiple partnerships and funding sources. Technically, the site is built on WordPress with a modern tech stack including WooCommerce, Bootstrap, and various analytics and marketing tools, demonstrating a mature digital infrastructure. The website is multilingual and optimized for mobile devices, providing a good user experience and accessibility. Security posture is solid with HTTPS and no visible vulnerabilities, though some security headers and explicit cookie consent mechanisms are missing, representing areas for improvement. Overall, the site is professional, trustworthy, and compliant with GDPR, though enhancing privacy compliance and security policies would strengthen its risk profile.

L

Lastekaitse Liit

kiusamisestvabaks.ee

42

Kiusamisest vabaks is a non-profit educational platform operated by Lastekaitse Liit, focused on bullying prevention in Estonia. The website offers multilingual educational materials and awareness content targeting nurseries, kindergartens, and grade schools. It collaborates with reputable partners including the Estonian Ministry of Education and Research and international child protection organizations. The platform is well-positioned within its niche, serving educators, parents, and children with relevant resources. Technically, the website is built on WordPress with modern technologies such as Bootstrap, jQuery, and Google services for analytics and tag management. It employs multilingual support via WPML and uses SEO best practices including structured data and Open Graph metadata. The site is mobile-optimized and performs moderately well, with a consistent and professional design. From a security perspective, the site enforces HTTPS and uses Google reCAPTCHA for form protection. However, it lacks explicit security headers and a published security policy or incident response contacts. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is partial, with a privacy policy present but no visible cookie consent mechanism. Overall, the website demonstrates a solid business credibility and technical foundation with room for improvement in privacy compliance and security transparency. Strategic enhancements in these areas would strengthen trust and regulatory adherence.

N

Norrison OÜ

norrison.ee

44

Norrison OÜ is an established Estonian company specializing in the manufacturing and retail of knitwear, workwear, school uniforms, and fashion apparel. Founded in 2010, it holds a strong market position as the largest school uniform producer and quality knitwear creator in Estonia. The website serves as a professional e-commerce platform targeting Estonian consumers interested in locally produced, ethically made clothing. The company emphasizes quality, local production, and customer satisfaction, supported by testimonials and a consistent brand presence across social media channels. Technically, the website is built on the PrestaShop CMS platform, leveraging modern web technologies including jQuery, Matomo analytics, and Facebook Pixel for marketing and tracking. The site is hosted by Zone Media OÜ, a reputable Estonian hosting provider. The website demonstrates good mobile optimization, SEO practices, and user experience, although accessibility features are basic. Performance is moderate, with room for optimization. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, reflecting compliance with GDPR requirements. However, explicit security headers such as Content-Security-Policy and X-Frame-Options are not evident, and the extensive use of third-party tracking scripts may raise privacy considerations. No incident response or security policy information is publicly available, indicating an area for improvement. Overall, the website is trustworthy and professionally maintained, with a solid business foundation and digital presence. Strategic enhancements in security headers, privacy transparency, and incident response readiness would further strengthen its security posture and compliance standing.

E

Eesti Maksumaksjate Liit

maksumaksjad.ee

49

Eesti Maksumaksjate Liit (EML) is a well-established Estonian non-profit organization founded in 1995, dedicated to protecting taxpayers' interests, providing tax consultation, education, and advocacy. The website serves as a portal offering news, training, legal advice, and publications related to taxation in Estonia. The organization targets Estonian taxpayers and businesses seeking reliable tax information and support. Technically, the website is built on WordPress, utilizing modern libraries such as jQuery and Slick Slider, with Google Analytics and CookieYes for tracking and consent management. The site is hosted by Radicenter OÜ and uses HTTPS with a good security posture, including a comprehensive cookie consent mechanism. However, explicit security policies and incident response contacts are not published, representing an area for improvement. Overall, the website is professional, accessible, and trustworthy, with good SEO and privacy compliance, supporting EML's role as a credible tax advocacy entity.

E

ETKA Andras

andras.ee

44

ETKA Andras is a well-established Estonian non-profit organization dedicated to adult education and lifelong learning. The website serves as a hub for adult learners and educators, providing information on training, certification, and community events. The organization partners with the Estonian Ministry of Education and Research and benefits from European Social Fund programs, reinforcing its credibility and national importance. The site is multilingual, primarily in Estonian, with English and Russian options, enhancing accessibility for diverse audiences. Technically, the website is built on WordPress with modern plugins and frameworks, offering a good user experience and moderate performance. Security measures include HTTPS and reCAPTCHA integration, though additional security headers and explicit privacy policies are recommended to enhance compliance and trust. Overall, the site reflects a professional, trustworthy educational entity with a clear mission and stable digital presence.