High-risk security reports

L

Luwi OÜ

luwi.ee

45

Luwi OÜ operates as a specialized training center in Estonia, providing a broad range of educational services including group and individual training courses, psychological and addiction counseling, and supervision services. The company is recognized as a partner of the Estonian Unemployment Insurance Fund's training card program, which enhances its credibility and market position. The website is professionally designed, multilingual, and offers clear navigation to various training categories and services, targeting individuals and organizations seeking professional development in Estonia. Technically, the website is built on WordPress with a modern technology stack including Bootstrap, jQuery, and several optimization and security plugins. It employs Google reCAPTCHA v3 for form protection and uses cookie consent mechanisms to comply with privacy regulations. The site is hosted by Zone Media OÜ, a known Estonian hosting provider, and demonstrates moderate performance and good mobile optimization. From a security perspective, the site enforces HTTPS and uses reCAPTCHA to protect forms, but lacks explicit security headers and published security policies or incident response contacts. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic but present, with a privacy policy and cookie consent banner. Business credibility is strong with clear contact information, company registration details, and trust signals such as partnerships and certifications. Overall, Luwi OÜ's website presents a trustworthy and professional online presence with room for improvement in security header implementation and formal security policies. The risk level is moderate with no critical issues detected, making it a reliable platform for its users.

M

Mineflow

mineflow.ai

49

Mineflow is a newly founded AI-driven mineral exploration startup focused on transforming exploration site data into accurate 3D and 2D models of mineral deposits such as gold and copper. The company targets mining professionals and geologists with a SaaS platform leveraging advanced AI technologies. The website is built using modern web technologies including React and Next.js, providing a good user experience with responsive design and clear navigation. Analytics are implemented via PostHog, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enforced, but lacks DNSSEC and security headers, and no privacy or cookie policies are published, which are critical for compliance and trust. The domain is privacy protected and very new, consistent with a startup profile. Overall, the website is professional but would benefit from enhanced privacy compliance and security hardening.

ČSOP Tilia is a small Czech non-profit organization dedicated to ecological education and youth engagement, focusing on renewable energy and environmental projects. The website provides information about their activities, projects, and contact details, targeting children, youth, and educators in the Ústecký region. The organization appears to be supported by regional and EU funding, as indicated by logos and project descriptions. Technically, the website is built on the eStránky.cz platform using older JavaScript libraries and includes basic social media integration via Facebook SDK. Security posture is limited with no visible security headers and unknown SSL configuration. Privacy and cookie policies are absent, indicating compliance gaps. WHOIS data is unavailable, which reduces domain trust but does not necessarily indicate malicious intent given the nature of the organization. Overall, the website is functional but basic in design and security, suitable for a small non-profit but requiring improvements in security and compliance.

W

Wellness Hotel Lužan

hotelluzan.cz

44

Wellness Hotel Lužan is a small hospitality business offering luxury accommodation, wellness services, and dining near the Czech Switzerland region. The website presents a professional and consistent brand image with clear navigation and relevant content targeting tourists seeking comfort and relaxation. The technical infrastructure leverages ASP.NET WebForms with modern front-end libraries such as jQuery, Bootstrap, and Google Maps API, supporting a good user experience and mobile optimization. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though security headers and incident response information are lacking. Privacy and cookie policies exist but could be enhanced with explicit consent mechanisms. Overall, the website is trustworthy and functional, but the absence of WHOIS data limits domain legitimacy verification.

D

Dráha národního parku

drahanp.cz

44

Dráha národního parku operates as a specialized regional tourism and transportation information platform focused on the Czech and Saxon Switzerland national parks and surrounding protected areas. The website provides comprehensive travel information including railway routes, bus connections, trip recommendations, ticketing, and timetables, targeting tourists and visitors interested in exploring these natural regions. The business model centers on promoting sustainable travel experiences by train and bus, supported by partnerships with regional transport and tourism organizations. Technically, the website is built on WordPress with common plugins such as LayerSlider, Contact Form 7, and Yoast SEO, and integrates Google Tag Manager for analytics and marketing. The site is mobile-optimized and SEO-friendly, with structured data enhancing search visibility. Security posture is solid with HTTPS enforced and cookie consent implemented, though security headers and explicit privacy and incident response policies are absent. Overall, the website is professional and trustworthy, though it would benefit from enhanced privacy documentation and security best practices to improve compliance and user trust.

I

Institute of National Anti-Doping Organisations

inado.org

46

The Institute of National Anti-Doping Organisations (iNADO) is a non-profit international membership organization dedicated to supporting National Anti-Doping Organisations (NADOs) and Regional Anti-Doping Organisations (RADOs). It promotes best practices, fosters community collaboration, and serves as a global voice advocating for clean sport. The website reflects a professional and well-structured platform that provides resources, news, and event information relevant to anti-doping experts and stakeholders. Technically, the website is built on the TYPO3 CMS platform, integrating modern tools such as Google Tag Manager for analytics and Usercentrics for consent management, indicating a mature digital infrastructure. The site is mobile-optimized, accessible, and SEO-friendly, with good performance metrics. However, some security headers are missing, and there is no publicly visible security policy or incident response information. From a security perspective, the site enforces HTTPS and employs consent mechanisms for privacy compliance, aligning with GDPR requirements. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data is privacy protected, which is typical for organizations of this nature, and does not raise immediate concerns. Overall, the site demonstrates a solid security posture but could improve transparency around security policies and incident response. The overall risk assessment is low, with recommendations focusing on enhancing security headers, publishing security policies, and adding vulnerability disclosure mechanisms to further strengthen trust and compliance.

The website 'Spordin puhtalt!' is an Estonian e-learning platform dedicated to educating amateur athletes about antidoping rules, prohibited substances, and healthy sports practices. It is operated by SA Eesti Antidoping and supported by notable Estonian sports figures and international partners such as UNESCO. The platform offers educational content, exercises, videos, and testimonials to promote clean sports. Technically, the site is built on WordPress with common plugins and uses HTTPS with a moderate performance profile. However, it lacks visible privacy and cookie policies and security headers, which are areas for improvement. The absence of explicit contact emails or phone numbers limits direct communication channels, though a contact form is present. Overall, the site is trustworthy and professionally presented but could enhance its privacy compliance and security posture.

Oxiapps.com presents a professional website offering a Shopify app focused on social login integration to simplify customer authentication and improve signup rates. The business targets e-commerce store owners seeking to enhance user experience through social media login options. The website is built on WordPress using WPBakery Page Builder and includes modern UI elements such as sliders and responsive design. However, the absence of WHOIS registration data raises concerns about domain legitimacy and trustworthiness. No privacy, cookie, or terms of service policies are present, and no contact information is provided, which impacts compliance and user trust. Security posture is moderate with no visible security headers or incident response information. Overall, the site is functional and well-designed but lacks critical compliance and trust elements.

P

PR-room

pr-room.cz

45

PR-room is a small Czech Republic based business specializing in custom WordPress website development and graphic design services. The company is led by Ing. Kristýna Včeláková, who has extensive experience since 2014 and formal training in web development and graphic design. The website demonstrates a professional service offering with references to client sites and a clear contact section including email, phone, and LinkedIn profile. Technically, the site uses modern WordPress and WooCommerce versions, integrates Google Analytics, and is served over HTTPS, indicating a reasonable digital maturity level. However, the absence of privacy and cookie policies, lack of security headers, and missing WHOIS registration data present compliance and trust concerns. Overall, the security posture is moderate but could be improved with better policy disclosures and security headers.

Tady Chutná is a hospitality business operating four distinct restaurants in the heart of Prague, specializing in traditional Czech and Austro-Hungarian cuisine. The brand emphasizes quality food, regional wines, and a rich historical ambiance, targeting both locals and tourists seeking authentic dining experiences. The parent company, Husičky s.r.o., manages these establishments with a focus on culinary heritage and customer satisfaction. The website serves as a central hub linking to each restaurant's dedicated site and provides daily menu offerings and contact information. Technically, the website is built on WordPress 6.8.1, utilizing modern JavaScript libraries such as jQuery and Slick Carousel for interactive elements. It integrates Google Tag Manager and Facebook Pixel for analytics and marketing, alongside Cookiebot for GDPR-compliant cookie consent management. Hosting is provided by Webglobe, consistent with the domain's WHOIS data. The site is mobile-optimized and SEO-friendly, with structured data enhancing search engine visibility. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms, but lacks explicit security headers and published security policies. No forms are present for direct data collection, reducing attack surface, but the absence of privacy and terms of service documents represents a compliance gap. No incident response or vulnerability disclosure information is available, which could be improved to enhance trust and preparedness. Overall, the website presents a professional and trustworthy front for a medium-sized hospitality business, with good technical implementation and moderate privacy compliance. Strategic improvements in policy transparency and security posture would further strengthen its risk profile and customer confidence.

E

Ettevõtja infovärav Aktiva

aktiva.ee

40

Aktiva.ee is an Estonian business information portal focused on supporting entrepreneurs at various stages, including startups, operating companies, and those expanding internationally. The platform offers practical guidance, resources, and insights to help businesses succeed, with content tailored to the Estonian market and language. The website is positioned as a trusted resource for business knowledge and development in Estonia, with a clear focus on entrepreneurship and business growth.

F

FCI Levadia

fcilevadia.ee

31

FCI Levadia is an Estonian football club with an online presence primarily focused on providing football-related content and engaging with local sports fans. The website is built on WordPress and utilizes common plugins such as Yoast SEO and WP Rocket to enhance SEO and performance. The technical infrastructure is moderate, hosted by Zone Media OÜ, a known Estonian registrar and hosting provider. The site is accessible without any WAF or security challenge blocking content. However, the website lacks critical privacy and cookie policies, contact information, and published security or incident response policies, which are important for compliance and trust. Security posture is basic with no advanced headers or vulnerability disclosures evident. Overall, the site is functional but would benefit from improvements in privacy compliance, security best practices, and business transparency.

C

Citadele pank

citadeleleasing.ee

46

Citadele pank is a well-established financial institution in Estonia offering leasing services primarily focused on vehicle financing. The website provides detailed leasing options, including a calculator and a dedicated leasing portal for customers to manage their contracts and applications. The business targets private individuals seeking flexible leasing solutions with personalized interest rates and competitive terms. The company is part of the larger Citadele Group, indicating a strong market position in the Baltic financial sector. Technically, the website employs modern web technologies such as jQuery, Bootstrap, and Google Tag Manager, with a CMS likely being October CMS. The site is mobile-optimized, accessible, and SEO-friendly, providing a good user experience. Security-wise, the site enforces HTTPS, uses security headers, and implements cookie consent mechanisms, though explicit security and incident response policies are not publicly available. WHOIS data confirms the domain's legitimacy and consistency with the business identity. Overall, the website reflects a professional and trustworthy financial service provider with room for improvement in transparency around security policies and incident response.

F

Fabricca

btsaf.com

46

Fabricca is an international, award-winning creative design and branding agency founded in 2013 and based primarily in North Macedonia with presence in Munich and Vienna. The agency offers a broad range of creative services including design, branding, web development, motion graphics, digital marketing, copywriting, video production, and photography. With a team of about 20 professionals and over 1000 clients served globally, Fabricca positions itself as a multi-disciplinary agency focused on delivering high-quality creative solutions. The website reflects a mature digital presence built on WordPress with modern frontend technologies and SEO optimizations. Hosting is provided by DreamHost, and the domain is registered via NameCheap with a consistent registration history. Security posture is good with HTTPS enforced and domain transfer protection, but lacks some security headers and published security policies. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the website is professional, trustworthy, and well-structured, but could improve compliance and security transparency.

A

Artis Zelmenis

artiszelmenis.lv

33

Artis Zelmenis operates a small Latvian-based business website offering a variety of services including web development, SEO, legal assistance, photography, advertising, and educational content. The site targets local SMEs, individuals, and students, providing multilingual content in English, Latvian, and Russian. The business appears niche-focused with a stable presence since 2012. Technically, the website uses standard JavaScript libraries and social media SDKs for Facebook, Twitter, VK, and Draugiem.lv, alongside Google Analytics for traffic monitoring. The site shows moderate performance and basic mobile optimization but lacks modern frameworks or CMS indications. SEO is reasonably addressed with meta tags and multilingual support. Security posture is moderate but with notable gaps: no visible HTTPS enforcement, absence of security headers, and use of some HTTP resources that may cause mixed content issues. Privacy compliance is weak due to missing privacy and cookie policies. Contact information is limited to a contact form without explicit emails or phone numbers. Overall, the website is functional and professional but requires improvements in security, privacy compliance, and technical modernization to enhance trust and user safety.

Baltic Legal operates a specialized immigration and legal consultancy website focused on residence permits and immigration services in Latvia and the broader European Union. The company offers services including residence permits via real estate investment, business investment, and bank deposits, alongside legal assistance in corporate and immigration law. The website is well-structured, multilingual, and provides detailed information about immigration policies, visa requirements, and investment options. Technically, the site uses standard web technologies with Google Analytics and Tag Manager for tracking, but lacks advanced security headers and cookie consent mechanisms. The WHOIS data is fully redacted as per EURid policy, which is typical for .eu domains and does not raise immediate concerns. Overall, the site presents a professional image with moderate technical maturity and some room for security and privacy improvements.

The website kul.ee is registered to Haridus- ja Teadusministeerium (EENet), an Estonian government entity, with a domain age dating back to 2010. The site is currently inaccessible due to a Cloudflare security challenge page requiring human verification, which blocks access to actual website content. Consequently, no business description, contact information, or user-facing content is available for analysis. The technical infrastructure relies on Cloudflare services for security and performance, including the Turnstile captcha and Cloudflare Insights for analytics. Security posture cannot be fully assessed due to the blocked content, but the use of Cloudflare indicates a baseline security approach. Privacy and cookie policies are not detectable on the challenge page, and no forms or data collection mechanisms are visible beyond the security verification. Overall, the domain registration data supports legitimacy as a government entity website, but the lack of accessible content limits comprehensive evaluation.

K

Kultuurkapital

kulka.ee

49

Kultuurkapital is a key Estonian non-profit government-related institution dedicated to supporting culture and cultural heritage through targeted funding and grants. The website provides extensive information about various cultural programs, expert groups, and funding opportunities, primarily targeting Estonian cultural organizations and artists. The domain is well-established since 2010 and registered with a reputable Estonian registrar, supporting the legitimacy of the organization. Technically, the website uses the Voog CMS platform and integrates Google Analytics and Tag Manager for user tracking. The site is moderately optimized for performance and mobile devices, with a clear navigation structure and professional design. However, explicit privacy and cookie policies are missing, and no contact emails or phone numbers are directly visible in the HTML content, which may impact user trust and privacy compliance. Security headers are not detected, indicating room for improvement in security posture. Overall, the website is professional and trustworthy but could enhance privacy compliance and security best practices.

R

Rollmer OÜ

rollmer.ee

41

Rollmer OÜ is an established Estonian company specializing in the sale of industrial accessories including bearings, seals, and power transmission products. The company operates both retail and wholesale channels with physical stores located in Tallinn and Tartu, targeting industrial, agricultural, forestry, service, and retail businesses. The website reflects a professional presence with clear product categories and consistent branding, supporting its market position as a regional supplier. Technically, the site is built on WordPress using the Enfold theme and Yoast SEO plugin, indicating moderate digital maturity. However, the absence of HTTPS enforcement and security headers represents a significant security gap. Privacy compliance is weak, with no visible privacy or cookie policies and no consent mechanisms. The site lacks active analytics tracking despite plugin presence, suggesting limited user data collection. Overall, the security posture is moderate but requires improvements to meet modern standards. Strategic recommendations include implementing HTTPS, adding security headers, establishing privacy and cookie policies, and enhancing incident response capabilities to strengthen trust and compliance.

E

Eesti Olümpiakomitee

eok.ee

35

Eesti Olümpiakomitee is the official umbrella organization for sports and Olympic activities in Estonia, providing support to athletes, organizing events, and promoting sports culture nationally. The website reflects a well-established non-profit entity with strong partnerships and sponsorships, targeting the Estonian sports community and general public interested in Olympic sports. Technically, the site uses a modern stack including Bootstrap, jQuery, and Voog CMS, with good mobile optimization and SEO practices. Security posture is solid with HTTPS enforced and cookie consent implemented, though some improvements in security headers and library updates are recommended. Privacy compliance is moderate with a clear cookie consent mechanism but lacking explicit privacy policy and terms of service pages. Overall, the site is professional, trustworthy, and functional with room for technical and compliance enhancements.

E

Eesti Antidopingu ja Spordieetika Sihtasutus

eadse.ee

43

Eesti Antidopingu ja Spordieetika Sihtasutus is a government-affiliated non-profit organization dedicated to promoting fair play, anti-doping measures, and ethical conduct in sports within Estonia. The organization provides education, prevention, and regulatory oversight services to athletes, sports organizations, and the public. The website serves as an informational and educational platform with resources, news, and training offerings related to sports ethics and anti-doping. Technically, the website is built on WordPress using the Avada theme and integrates modern plugins such as Yoast SEO and Revolution Slider. It employs Google Analytics for visitor tracking but lacks visible cookie consent mechanisms and privacy policy disclosures, which are critical for GDPR compliance. Security posture is adequate with HTTPS enabled and no obvious vulnerabilities, but security headers and incident response information are absent. Overall, the website is professional, well-branded, and trustworthy, though it would benefit from enhanced privacy compliance and explicit contact details.

P

PD Instore

neoinstore.com

43

NEO Retail Displayware is a specialized retail merchandising company offering innovative pegboard hardware and signage solutions under the patented neoPEGS™ brand. Their products target retail businesses seeking modern, customizable, and cost-effective displayware. The website is built on WordPress using WPBakery Page Builder and includes standard web technologies such as jQuery and FontAwesome. The technical infrastructure is moderate in performance with good mobile optimization but basic accessibility and SEO features. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers. Privacy compliance is weak due to absence of privacy and cookie policies. Contact information is clearly provided, enhancing business credibility. Overall, the website is professional and trustworthy but would benefit from improved privacy and security practices.

R

Restaurace Mincovna

restauracemincovna.cz

45

Restaurace Mincovna is a well-established restaurant located in the prestigious Staroměstské náměstí in Prague, offering traditional Czech cuisine with a modern twist and a selection of wines and Pilsner tank beer. The business targets both tourists and local patrons, leveraging its historic ambiance and prime location to maintain a strong market position in the hospitality sector. The website reflects a professional digital presence with clear branding and comprehensive business information. Technically, the website is built on WordPress with modern analytics and marketing tools integrated, including Google Analytics 4 and Google Tag Manager. The site implements a robust cookie consent mechanism aligned with GDPR requirements, enhancing privacy compliance. Performance and mobile optimization are good, though accessibility features are basic. No significant technical vulnerabilities were detected, but security headers could be improved. From a security perspective, the site uses HTTPS and employs cookie consent management, but lacks visible security headers and a public security or incident response policy. The absence of WHOIS data limits domain trust verification, though the website content and business details appear legitimate. Overall, the site demonstrates a moderate to good security posture with room for enhancement in transparency and technical security controls. Strategically, the business should focus on improving security headers, publishing incident response and vulnerability disclosure policies, and obtaining verifiable WHOIS data to enhance trust. Continued investment in privacy compliance and user experience will support sustained market credibility and customer trust.

V

VeKaPa s.r.o.

utelleru.cz

48

Restaurant U Tellerů is a small hospitality business located in Prague, Czech Republic, specializing in modern Czech cuisine and charcoal-grilled steaks. The restaurant emphasizes quality dining experiences with a focus on local specialties and beverages such as Pilsner Urquell beer. The website supports reservations and offers gift vouchers, targeting local and tourist diners seeking authentic Czech culinary experiences. The business maintains an active presence on social media platforms including Facebook, Instagram, Pinterest, and TripAdvisor, enhancing its market visibility and customer engagement. Technically, the website is built on WordPress CMS, utilizing common plugins for analytics, cookie consent, and responsive design. It integrates Google Analytics 4, Facebook Pixel, and Google Tag Manager for marketing and tracking purposes, with a compliant cookie consent mechanism in place. The site is mobile-optimized and demonstrates good SEO practices, although accessibility features are basic. Performance is moderate, with room for improvement in loading speed and security headers. From a security perspective, the site enforces HTTPS and employs cookie consent with opt-in features, reflecting a good privacy posture. However, the absence of security headers and a published privacy policy or incident response information indicates areas for enhancement. The WHOIS data is unavailable, which raises concerns about domain registration transparency but does not directly impact the website's operational legitimacy. Overall, the website presents a professional and trustworthy front for the restaurant business, with recommendations to improve security practices, publish comprehensive privacy and security policies, and verify domain registration details to strengthen trust and compliance.

B

Bloom Robbins SI

bloomrobbins.si

47

Bloom Robbins SI is a Slovenian e-commerce business specializing in vitamins and supplements aimed at supporting hair health and growth. The company operates primarily through a Shopify-based online store, targeting consumers interested in hair care products. The website is professionally designed with consistent branding and good content quality, focusing on product benefits and customer engagement. The business appears to be relatively new, with domain registration dating from early 2023, and is part of a broader network of regional sister sites serving multiple European countries. Technically, the website leverages modern e-commerce technologies including Shopify's Dawn theme, Google Tag Manager, Facebook Pixel, and Klaviyo for marketing automation and analytics. Hosting is managed via Cloudflare, ensuring good performance and security. The site includes GDPR-compliant cookie consent mechanisms and a clear privacy policy, reflecting a mature approach to privacy and data protection. However, some standard legal pages such as terms of service and security policies are missing, and no direct contact information is readily available on the site. From a security perspective, the site enforces HTTPS and employs consent management for tracking and marketing scripts. While no critical vulnerabilities or exposed sensitive data were detected, the absence of explicit security headers and incident response information suggests room for improvement. The domain registration is consistent and transparent, with no privacy protection masking registrant details, which supports legitimacy. Overall, Bloom Robbins SI presents a solid e-commerce presence with good technical and privacy compliance foundations. Strategic enhancements in security policies, contact transparency, and legal documentation would further strengthen trust and compliance posture.

T

TESCO

tesco.cz

39

TESCO.cz is a Czech-based technology business specializing in servers and workstations, primarily offering Intel platform servers, server components, custom configurations, and maintenance services. The website presents a straightforward informational portal targeting businesses requiring reliable IT infrastructure hardware. The domain has a long history dating back to 1997, supporting the company's established market presence. Technically, the website uses jQuery and Google Analytics but lacks modern CMS or advanced frameworks. The site is basic in design and functionality, with limited mobile optimization and accessibility features. Security posture is moderate but lacks visible HTTPS confirmation and security headers, and no privacy or cookie policies are present, indicating compliance gaps. Contact information is clearly provided, but no forms or social media links are available. Overall, the site is functional but would benefit from enhanced security, privacy compliance, and technical modernization.

The website kidparentpower.com is currently inaccessible due to an invalid SSL certificate on the origin server, as indicated by Cloudflare error 526. This prevents any meaningful content from being served to visitors, resulting in a complete lack of visible business information, policies, or contact details. The domain is registered with GoDaddy.com, LLC since 2020, which suggests a legitimate registration, but the absence of a valid SSL certificate severely impacts trust and security posture. Technically, the site uses Cloudflare as a CDN and WAF, but the origin server's SSL misconfiguration negates these benefits. No metadata, structured data, or analytics scripts are present, indicating low digital maturity. Security posture is poor due to the SSL issue and lack of security headers or policies. Overall, the site is not compliant with privacy or cookie regulations, and no business credibility signals are available.

The website didiksugiarto.com is currently inaccessible due to a Cloudflare error 526 indicating an invalid SSL certificate on the origin server. This prevents any meaningful content from being displayed to visitors. The domain is registered with NameCheap since 2021 and uses Cloudflare DNS services. No business or contact information is available on the site, and no privacy or cookie policies are present. The technical infrastructure relies on Cloudflare but lacks a valid SSL certificate, which is a critical security flaw. Overall, the website's digital maturity is low, with poor content quality, minimal technical implementation, and weak security posture. Immediate remediation of the SSL certificate issue is necessary to restore accessibility and trust.

The website arizzitano.com is currently inaccessible due to an invalid SSL certificate on the origin server, as indicated by Cloudflare's Error 526. This prevents any meaningful content or business information from being displayed to visitors. The domain is registered with NameCheap, Inc. since 2021 and uses Cloudflare DNS services, but the lack of a valid SSL certificate severely impacts trust and security posture. No privacy, cookie, or terms of service policies are present, and no contact or business details are available on the landing page. Technically, the site relies on Cloudflare but lacks modern SEO, accessibility, and performance optimizations. Overall, the site is in a poor state of readiness for public or business use.

The website tokoblog.net is currently inaccessible due to an invalid SSL certificate on the origin server, resulting in a Cloudflare Error 526. This prevents any meaningful content or business information from being accessed or analyzed. The domain is registered with NameCheap, Inc. since 2021 and uses Cloudflare DNS services, but lacks DNSSEC and a valid SSL certificate, which significantly impacts its security posture and trustworthiness. No privacy, cookie, or terms of service policies are present, and no contact information or business details are available on the error page. The technical infrastructure relies on Cloudflare as a CDN and security provider, but the SSL misconfiguration undermines the site's availability and security. From a security perspective, the primary concern is the invalid SSL certificate that blocks user access and may expose visitors to risks if bypassed. The absence of security headers and policies further weakens the site's security maturity. Business credibility and privacy compliance cannot be assessed due to lack of accessible content. Overall, the site scores very low on content quality, privacy compliance, and business credibility, with a moderate score on security posture limited by the SSL issue. Strategic recommendations include immediate installation of a valid SSL certificate on the origin server, enabling DNSSEC, and implementing standard security headers. Additionally, publishing privacy and cookie policies and providing clear contact information would improve compliance and trust. Monitoring and maintaining SSL certificates and security configurations will enhance availability and user confidence.

The website dubaifestival.info is currently inaccessible due to an invalid SSL certificate on the origin server, as indicated by Cloudflare's Error 526. This prevents any meaningful content from being served to visitors, resulting in a complete lack of business or contact information on the site. The domain is registered through NameCheap with privacy protection enabled, providing no public registrant details. The site appears to be either misconfigured or inactive, with no visible privacy policies, cookie notices, or terms of service. Technically, the site relies on Cloudflare for CDN and security services but fails to maintain a valid SSL certificate, which is a critical security flaw.

The website mamarazzinyc.com is currently inaccessible due to an invalid SSL certificate, resulting in a Cloudflare Error 526. This prevents any meaningful content or business information from being accessed or analyzed. The domain is registered with NameCheap since 2021 and uses Cloudflare DNS services, indicating a legitimate registration but poor SSL management. No privacy, cookie, or terms of service policies are present, and no contact information or forms are available on the error page. The technical infrastructure relies on Cloudflare as a CDN and security provider, but the origin server's SSL misconfiguration severely impacts the site's security posture and user trust. Overall, the site is currently non-functional from a user and security perspective, requiring immediate remediation of SSL issues to restore accessibility and enable further analysis.

The website weihnachtsmotive.info is currently inaccessible due to an invalid SSL certificate on the origin server, resulting in a Cloudflare error 526 page blocking all content. No business or contact information is available on the site, and no privacy or cookie policies are present. The domain is registered through NameCheap with privacy protection enabled, providing no public registrant details. The technical infrastructure relies on Cloudflare for DNS and security, but the SSL misconfiguration severely impacts accessibility and trust. Overall, the site exhibits poor digital maturity and security posture, with critical vulnerabilities that prevent normal operation.

S

Sport in place

sport-in-place.com

48

Sport in place is a French-language website focused on fitness, musculation, dance, yoga, and overall well-being lifestyle content. It targets French-speaking fitness enthusiasts seeking advice and methods to improve their sports lifestyle. The site uses WordPress with the Elegant Themes Extra theme and integrates plugins for multilingual support and email subscriptions. The technical infrastructure is modern and supports good mobile optimization and SEO practices. Security posture is adequate with HTTPS enabled, but lacks advanced security headers and explicit incident response or security policies. The absence of WHOIS data raises concerns about domain legitimacy and trustworthiness, which impacts the overall risk profile. Strategic recommendations include improving privacy compliance, adding security headers, and verifying domain registration details to enhance trust.

The website pokiesonlinenz.co.nz is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) block, which prevents any meaningful content or business information from being retrieved or analyzed. The domain is registered since 2014 with a reputable registrar and uses Cloudflare for DNS and security services. However, the lack of accessible content, absence of privacy and cookie policies, and no visible contact or business data significantly limit the ability to assess the company's market position or services. Technically, the site relies on Cloudflare but lacks DNSSEC and visible security headers, which could be improved. The security posture is unclear due to the block, but the presence of a WAF indicates some level of protection against attacks. Overall, the site scores very low on content quality, technical implementation, security, privacy compliance, and business credibility due to the block and missing information.

N

Nameshift.com

weglot.eu

49

The website weglot.eu currently serves as a domain sales landing page operated by Nameshift.com, a domain brokerage and escrow service based in the Netherlands. The platform offers domain purchase services with an emphasis on safe, fast, and fee-free domain transfers for buyers. The business model focuses on domain resale with escrow facilitation to ensure secure transactions. The target audience includes domain investors and buyers seeking a trusted intermediary for domain acquisitions. The website content is minimal and primarily transactional, reflecting its purpose as a domain sales portal rather than a full business site. Technically, the site is built using modern web technologies including SvelteKit and JavaScript, hosted on a CDN associated with Nameshift.com. The site demonstrates moderate performance and basic mobile optimization. However, SEO and accessibility features are basic, and there is no evidence of a CMS or extensive platform integrations. The site uses external scripts for analytics and Trustpilot reviews, indicating some level of marketing and trust-building efforts. From a security perspective, the site uses HTTPS and does not expose sensitive data in the HTML. However, it lacks explicit security headers such as Content Security Policy or HSTS, and no privacy or cookie policies are present, which are critical for GDPR compliance. There is no visible incident response or security contact information. The domain registration data is consistent with the business purpose, registered via a known registrar without privacy protection, supporting legitimacy. Overall, the site presents a low-risk profile but has significant gaps in privacy compliance and security best practices. Strategic improvements in policy disclosures, security headers, and contact transparency would enhance trust and compliance. The site’s limited content and basic design reflect its narrow business focus but also limit user engagement and SEO potential.

SPWeb s.r.o. is a well-established Czech technology company specializing in custom web development, e-commerce solutions, SEO, PPC marketing, and IT infrastructure services primarily serving the Brno region. The company has a strong market position supported by over a decade of experience, positive client testimonials, and Google Partner certification. Their website reflects a professional and modern digital presence with comprehensive service offerings and clear contact information. Technically, the website employs a modern technology stack including Bootstrap, jQuery, Google Fonts, and multiple analytics and marketing tools such as Google Tag Manager, Facebook Pixel, Microsoft Clarity, and Smartlook. The site is mobile-optimized, fast-loading, and SEO-friendly, demonstrating a mature digital infrastructure. Hosting and DNS services are managed via Cloudflare, enhancing performance and security. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms aligned with GDPR requirements. However, it lacks explicit security policies, incident response contacts, and security headers, which are recommended to enhance its security posture. No vulnerabilities or exposed sensitive data were detected, indicating a generally secure environment. Overall, SPWeb s.r.o. presents a credible, trustworthy, and professional business with a strong online presence. The website scores highly on content quality, technical implementation, security, privacy compliance, and business credibility, making it a reliable partner for clients seeking web and IT services.

Z

Zalohujme.cz

zalohujme.cz

48

Zalohujme.cz is a Czech environmental initiative focused on promoting the implementation of a deposit return system for PET bottles and beverage cans in the Czech Republic. The website provides comprehensive information about the benefits of such a system, its operation, and examples from other European countries. It targets the general public, environmental advocates, municipalities, and beverage producers. The platform serves as an educational and advocacy tool to support legislative changes and increase recycling rates. Technically, the website is built on WordPress and employs common web technologies including jQuery, Google Analytics, Google Tag Manager, Facebook Pixel, and Smartlook for user behavior tracking. The site is mobile-optimized with good SEO practices including structured data and meta tags. Performance is moderate, and accessibility is basic but functional. From a security perspective, the site uses HTTPS with a good SSL configuration but lacks some security headers and explicit security policies. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is limited as no explicit privacy or cookie policies or consent mechanisms were found. Contact information is limited to an email address in the header, with no phone numbers or physical addresses provided. Overall, the website is legitimate and professional in its presentation and content, though the absence of WHOIS data and privacy policies slightly reduces trustworthiness. Strategic improvements in privacy compliance, security headers, and incident response transparency are recommended to enhance the site's security posture and user trust.

AIMS (Association of International Marathons and Distance Races) operates a comprehensive website dedicated to global running events, including marathons and ultradistance races. The organization provides race calendars, results, news, and publishes the Distance Running magazine, positioning itself as a key resource for the international running community. The website targets runners, race organizers, and athletics enthusiasts worldwide, offering a membership model and partnerships with sports, photo, registration, and medals partners. Technically, the site uses a mix of JavaScript libraries such as jQuery, Cycle2, Leaflet.js for maps, and Google Analytics for tracking, with a custom or unknown CMS. The site is mobile optimized and has a moderate performance profile.

The website eestikasiinod.ee is currently inaccessible due to a Cloudflare security block, which prevents any meaningful content or business information from being analyzed. The domain is registered since 2013 with NETIM and uses Cloudflare nameservers, indicating a standard setup for security and performance. However, the lack of accessible content means no privacy, cookie, or terms of service policies are visible, nor any contact or business details. The technical infrastructure relies on Cloudflare, but no further technology stack or CMS can be identified. Security posture cannot be evaluated beyond the presence of Cloudflare's WAF blocking access. Overall, the site’s risk assessment is limited by the WAF block, resulting in a low AI score and unknown compliance and trustworthiness.

T

Turundajate Liit ehk TULI

turundajateliit.ee

42

Turundajate Liit ehk TULI is a professional association in Estonia that unites marketing agencies and brands to develop and improve the marketing sector. The organization acts as a connector, promoter, and evaluator within the marketing industry, offering news, events, job postings, training, and competitions such as the Kuldmuna awards. The website reflects a well-established entity with a clear focus on the Estonian marketing community, providing relevant and regularly updated content. Technically, the site is built on WordPress with modern plugins and analytics tools, ensuring good performance and mobile optimization. Security measures include HTTPS, reCAPTCHA on forms, and standard security headers, though explicit security policies and vulnerability disclosures are absent. Overall, the site demonstrates a strong security posture and compliance with privacy regulations, including GDPR. Contact information and social media presence are clearly provided, enhancing business credibility.

AIMS (Association of International Marathons and Distance Races) operates as a recognized global organization dedicated to the promotion and coordination of marathon and long-distance running events worldwide. The website serves as a comprehensive hub for race calendars, news, results, directories, and publishes the Distance Running magazine, targeting runners, race organizers, and athletics enthusiasts globally. The organization is registered in Great Britain under MSC Publishing & Design Limited, with a domain age consistent with its operational history since 2016. Technically, the website employs a mix of legacy and modern web technologies including jQuery 1.12.4, Cycle2 plugins, Leaflet for mapping, and Google Analytics for user tracking with IP anonymization. The site is mobile responsive with good navigation and content quality, though some technical debt is evident in the use of outdated JavaScript libraries. SEO and accessibility are basic but functional. From a security perspective, the site benefits from HTTPS and domain registration protections but lacks DNSSEC and security headers, and uses an outdated jQuery version with known vulnerabilities. No privacy or cookie policies are present, indicating compliance gaps with GDPR and related regulations. Contact information is limited to a physical address with no emails or phone numbers explicitly provided. No incident response or security policy information is available. Overall, the website is professional and trustworthy with a solid business foundation but requires improvements in privacy compliance, security hardening, and transparency to enhance user trust and regulatory adherence.

Birell.cz is the official website of Birell, a leading Czech non-alcoholic beer brand owned by Asahi CE & Europe Services s.r.o. The company has a strong market position in the Czech Republic, offering innovative non-alcoholic beers and radlers with a focus on flavor variety and health-conscious options. The website is built on WordPress with modern plugins and integrates Google Analytics via Google Tag Manager. It features a cookie consent mechanism compliant with GDPR and provides clear contact information including an email and physical address. However, the absence of a publicly accessible privacy policy page and missing WHOIS data limit full trust assessment. Security posture is generally good with HTTPS enforced but could be improved by adding security headers and publishing a security policy. Overall, the website is professional, user-friendly, and well-branded, supporting the company's market leadership.

The website fashioneventdotek.cz is currently inaccessible, returning a 403 Forbidden error page with minimal HTML content. This indicates that the site is either restricted by server access controls or a security mechanism is blocking public access. Due to this, no meaningful content, metadata, or business information can be extracted or analyzed. The domain is registered since 2016 with a Czech registrar, suggesting some longevity, but the lack of accessible content severely limits assessment of the business or its digital presence. Technically, no information about the technology stack, security headers, or SSL configuration is available, indicating poor or no operational website infrastructure. Security posture is weak or unknown, with no privacy or cookie policies detected, and no contact or incident response information provided. Overall, the site appears non-operational or restricted, resulting in a very low trust and credibility score.

C

CrossCafe

crosscafe.cz

49

CrossCafe is a Czech coffeehouse chain providing coffee, cakes, and related products through physical locations and an e-commerce platform. The website demonstrates a solid digital presence with integrated cookie consent mechanisms and advertising/tracking technologies such as Google Analytics, Adform, and Facebook Pixel. The site is well-structured, mobile-optimized, and uses HTTPS with good SSL configuration. However, the absence of WHOIS data limits the ability to fully verify domain legitimacy and ownership. No direct contact emails or phone numbers are exposed on the site, which may impact user trust and business credibility. Security policies and incident response information are not publicly available, indicating room for improvement in transparency and compliance documentation.

S

SPHosting s.r.o.

sphosting.cz

46

SPHosting s.r.o. is a Czech Republic-based hosting service provider established in 2014, specializing in virtual private servers, dedicated servers, managed servers, and cloud/network services. The company targets small to medium businesses requiring tailored hosting solutions with professional management and 24/7 support. Their market position is supported by positive client testimonials and a perfect aggregate rating, indicating strong customer satisfaction and trust. Technically, the website employs a modern technology stack including Bootstrap, jQuery, FontAwesome, and slick carousel for UI, alongside Google Tag Manager, Facebook Pixel, and Yandex Metrika for analytics and marketing. The site is hosted behind Cloudflare DNS and uses HTTPS with excellent SSL configuration. The cookie consent mechanism is comprehensive and GDPR compliant, reflecting good digital maturity. From a security perspective, the site enforces HTTPS, uses reCAPTCHA v2 for form protection, and provides granular cookie consent options. However, it lacks explicit security policies, incident response information, and a security.txt file, which are areas for improvement. No vulnerabilities or exposed sensitive data were detected, and security headers could be enhanced. Overall, the website presents a professional, trustworthy, and well-maintained digital presence with moderate to good security posture. Strategic improvements in security transparency and header implementation would further strengthen their risk profile and compliance stance.