High-risk security reports

D

DKSV

dksv.cz

48

DKSV.cz is a professional website dedicated to organizing and promoting transportation-related events, specifically the Dopravní konference (Transportation Conference) and Silniční veletrh (Road Trade Fair) held in Pardubice, Czech Republic. The site targets industry professionals, government officials, and companies involved in transportation infrastructure. It offers event information, registration options, and showcases partners and media collaborators. The business operates primarily as an event organizer with a regional focus and a small organizational size, founded in 2022. Technically, the website is built on WordPress using the Divi theme, enhanced with SEO tools like Yoast and analytics platforms including Matomo and Google Analytics via Google Tag Manager. The site demonstrates good mobile optimization, structured data usage, and moderate performance. Hosting is provided by hosting90, a Czech hosting provider. From a security perspective, the site enforces HTTPS and employs a GDPR-compliant cookie consent mechanism with detailed user controls. However, explicit security headers such as Content-Security-Policy and X-Frame-Options are not evident, and no dedicated security or incident response policies are published. No vulnerabilities or exposed sensitive data were detected in the HTML content. Overall, DKSV.cz presents a trustworthy and professional online presence for its niche event business. Strategic improvements in security headers, incident response transparency, and visible contact information would enhance its security posture and user trust. The site is safe for general audiences and complies well with privacy regulations.

Z

Z-Group bus a.s.

karierazavolantem.cz

42

Z-Group bus a.s. is a well-established transportation company in the Czech Republic, operating since 1992. It provides a wide range of bus transportation services including regional, urban, and international routes, serving millions of passengers annually. The company also focuses on recruitment and career opportunities for bus drivers across multiple regions. The website reflects a professional and consistent brand image with clear business information and partner affiliations. Technically, the site is built on WordPress with modern JavaScript libraries and includes GDPR-compliant cookie management and Google Analytics integration. Security posture is strong with HTTPS and reCAPTCHA, though some security headers could be improved. The absence of WHOIS data limits domain trust verification but does not detract from the overall legitimacy of the business. Strategic recommendations include enhancing security headers, adding a terms of service page, and publishing a security.txt file for vulnerability disclosures.

B

BVH Bitumen Vertrieb und Handel GmbH

bvh-bitumen.de

41

BVH Bitumen Vertrieb und Handel GmbH is a specialized German company founded in 2001 that focuses on the distribution and trading of bitumen products for road construction and industrial applications. Their website reflects a niche business model targeting B2B customers in the energy and construction sectors, offering products such as oxidized and modified bitumen. The company positions itself as an experienced supplier adhering to industry standards. Technically, the website is built on the namRED CMS, an older open-source framework, with basic JavaScript and CSS usage. The site lacks modern mobile optimization and advanced SEO features, indicating a moderate level of digital maturity. Security posture is minimal with no detected HTTPS enforcement or security headers, and no visible incident response or security policies. Privacy compliance is limited, with a basic privacy policy but no cookie consent mechanism. Overall, the site is functional but could benefit from modernization and enhanced security and privacy practices.

S

SR-Gruppen – sinusrumleriller – kalkstabilisering – cementstabilisering – specialfræsning

sr-gruppen.dk

43

SR-Gruppen is a specialized Danish company focused on road construction and maintenance, offering niche services such as sinusrumleriller, cement and lime stabilization, BSM, Remix, and soil treatment. Their website presents a professional image with clear service offerings and a focus on industry-specific solutions. The company targets businesses and professionals in the transportation and infrastructure sectors. Technically, the website is built on WordPress using the Divi theme and Yoast SEO plugin, indicating a modern CMS with SEO considerations. Performance and mobile optimization are good, though accessibility is basic. Security posture is adequate with HTTPS enforced but lacks advanced security headers and explicit security policies. Privacy compliance is partial, with a cookie consent mechanism present but no dedicated privacy policy page found. WHOIS data is unavailable, limiting domain trust verification. Overall, the website is professional and trustworthy but could improve in privacy transparency and security best practices.

M

Město Roudnice nad Labem

roudnicenl.cz

46

Město Roudnice nad Labem operates an official municipal website serving residents, tourists, and local businesses by providing timely news, public service information, event announcements, and access to official documents. The site positions itself as a trusted government resource with a clear focus on community engagement and transparency. The business model is public service oriented, with a medium-sized municipal scope in the Czech Republic. The website is well-branded and consistent with government standards, featuring partner and certification logos that enhance trust. Technically, the website employs modern frontend technologies including Bootstrap, jQuery, and Fancybox, supported by Google Analytics and Tag Manager for user tracking and marketing insights. The site is mobile optimized and performs moderately well, though there is room for improvement in accessibility and SEO. Hosting and domain registration are consistent with Czech providers, and the domain age supports the site's legitimacy. From a security perspective, the site enforces HTTPS and implements a detailed cookie consent mechanism compliant with GDPR. However, explicit security headers and incident response policies are not evident, suggesting opportunities to strengthen security posture. No vulnerabilities or suspicious patterns were detected in the content or WHOIS data. Overall, the website presents a low-risk profile with strong business credibility and privacy compliance. Strategic recommendations include enhancing security headers, publishing security policies, and improving accessibility to further solidify trust and compliance.

N

N+N – Konstrukce a dopravní stavby Litoměřice, s.r.o.

nanlitomerice.cz

44

N+N – Konstrukce a dopravní stavby Litoměřice, s.r.o. is a Czech Republic-based medium-sized company specializing in construction and infrastructure projects, particularly railway construction, bridge and wall structures, and civil engineering works. Established in 2001, the company has a solid market presence and offers comprehensive project documentation and construction services. The website reflects a professional and consistent brand image, targeting construction industry clients and infrastructure developers. Technically, the website is built on WordPress with common plugins such as WPBakery Page Builder, Slider Revolution, and Complianz GDPR for compliance. It integrates Google Tag Manager and Google reCAPTCHA for analytics and security. The hosting is provided by cesky-hosting.eu, and the site shows moderate performance with good mobile optimization. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms, but it lacks explicit security headers and uses an outdated jQuery version, which could pose risks. No exposed sensitive data or vulnerabilities were detected in the HTML content. Privacy compliance is strong with a comprehensive GDPR policy and cookie management. Overall, the website is trustworthy and professionally maintained, with recommendations to update JavaScript libraries and enhance security headers to improve the security posture further.

J

JK Machinery s.r.o.

jk-machinery.cz

41

JK Machinery s.r.o. is a Czech-based manufacturing company specializing in the design and production of agricultural machinery and technology solutions. With over 30 years of experience, the company offers comprehensive services including equipment manufacturing, technology design, installation, and after-sales support. Their market presence spans 42 countries with a strong client base exceeding 2500 satisfied customers. The website reflects a professional and consistent brand image, targeting agricultural businesses and food industry enterprises globally. Technically, the website is built on WordPress with modern frameworks such as Bootstrap and utilizes popular analytics and marketing tools including Google Analytics, Facebook Pixel, and Hotjar. The site is mobile-optimized and demonstrates good SEO practices. Hosting is provided by Active24, a reputable provider, and the site uses HTTPS with a valid SSL certificate ensuring secure communications. From a security perspective, the site employs Google reCAPTCHA on its contact forms to mitigate spam and abuse. However, it lacks explicit security headers and does not provide a public security policy or incident response information. Privacy and cookie policies are present and indicate GDPR compliance, though more detailed data retention policies are not disclosed. No vulnerabilities or suspicious content were detected during analysis. Overall, JK Machinery's website is a well-maintained digital asset that supports its business objectives effectively. The security posture is solid but could be enhanced by implementing additional security headers and publishing incident response and vulnerability disclosure policies. The company demonstrates strong business credibility and international reach, making it a trustworthy entity in its sector.

C

Chládek & Tintěra, a.s.

cht.cz

48

Chládek & Tintěra, a.s. is a well-established Czech construction company specializing in railway, bridge, civil engineering, and related construction services. With over 35 years of experience and a workforce of approximately 380 professionals, the company holds a leading position in the Czech construction market. Their website showcases a comprehensive portfolio of projects, career opportunities, and detailed company information, reflecting a mature and professional business model focused on transportation and infrastructure sectors. Technically, the website is built on WordPress using the Mioweb3 theme, enhanced with SEO and GDPR compliance plugins such as Yoast SEO and Complianz. The site integrates modern analytics tools including Google Analytics 4 and Facebook Pixel, and employs Google Consent Mode to manage user privacy preferences effectively. The site is mobile-optimized and demonstrates good performance and SEO practices. From a security perspective, the website enforces HTTPS and uses cookie consent management, but lacks some recommended security headers such as Content-Security-Policy and X-Frame-Options. No critical vulnerabilities or exposed sensitive data were detected. The absence of WHOIS data for the domain is a notable gap, reducing the overall trust score and suggesting a need for further domain registration verification. Overall, the website presents a secure, compliant, and professional digital presence for a large construction firm. Strategic improvements in security headers and domain registration transparency would enhance trust and security posture further.

S

SBS Cargo

sbscargo.cz

36

SBS Cargo is a traditional forwarding company established in 2012, specializing in rail and maritime transport services. The company leverages generational knowledge in forwarding and transport sectors, serving clients primarily in energy, coal, steel, wood, paper, chemical oil, and industrial products. Their market position is that of a small but established player with a focus on traditional and reliable logistics solutions. The website reflects a professional and consistent brand image with clear service offerings and partner affiliations. Technically, the website is built on WordPress with Bootstrap and jQuery, optimized for mobile devices and SEO-friendly through the Yoast SEO plugin. Hosting appears to be provided by Webglobe, consistent with the domain's nameserver information. Performance is moderate with good design quality and navigation clarity, though accessibility features are basic. From a security perspective, the site uses HTTPS but lacks visible security headers and formal privacy or cookie policies, indicating compliance gaps with GDPR and other regulations. No contact information or incident response details are present on the homepage, limiting transparency. No analytics or tracking scripts were detected, suggesting minimal user tracking. Overall, the website is functional and professional but would benefit from enhanced privacy compliance, security hardening, and clearer contact and incident response information to improve trust and regulatory adherence.

Č

ČD-DUSS Terminál, a.s.

cdduss.com

43

ČD-DUSS Terminál, a.s. operates an intermodal terminal in Lovosice, Czech Republic, specializing in handling various container types and providing forwarding, logistics, and customs services. The company targets businesses requiring combined rail and road transport solutions. The website reflects a medium-sized logistics operator with a consistent brand and references from known industry players. Technically, the site is built on WordPress with standard technologies and moderate performance. Security posture is adequate with HTTPS enabled but lacks important security headers and privacy compliance documentation. No contact emails or phone numbers are explicitly provided, which may affect user trust and compliance. Overall, the domain registration data supports the legitimacy of the business, with consistent WHOIS information and appropriate domain age.

PREOL, a.s. is a leading Czech company specializing in the processing of rapeseed seed and production of related products such as biofuels, animal feed, and food products. It operates as part of the AGROFERT group, a major player in the Czech agricultural and energy sectors. The website presents a professional image with clear branding, multilingual support, and comprehensive information about its business activities and compliance with GDPR regulations. The company targets both general consumers and business partners in the energy and agricultural industries. Technically, the website uses a custom CMS (Poski), JavaScript libraries such as jQuery, and includes responsive design features for mobile optimization. While the site performs moderately well, there is room for improvement in accessibility and security headers. The cookie consent mechanism and GDPR information demonstrate a commitment to privacy compliance. From a security perspective, the site lacks visible security headers and explicit incident response or security policy pages, which could be enhanced to improve trust and resilience. The absence of WHOIS data is a concern for domain legitimacy, although the website content and business information align with a reputable corporate entity. Overall, the site is secure enough for general use but would benefit from strengthened security practices and transparency. The overall risk assessment is moderate with recommendations to improve security headers, SSL configuration, and incident response transparency. These steps will enhance user trust and regulatory compliance, supporting the company’s strong market position in the Czech energy and agricultural sectors.

Město Štětí operates an official municipal website serving as the primary information portal for the city and its residents. The site provides comprehensive details about city administration, local services, events, and contact information. It targets local citizens and visitors seeking official information. The website is built on Joomla CMS with modern frontend technologies including Bootstrap, jQuery, and Swiper.js, ensuring a responsive and user-friendly experience. The presence of GDPR-compliant cookie consent and clear contact details reflects a commitment to privacy and transparency. However, the absence of WHOIS data limits domain registration trust verification. Security posture is solid with HTTPS and cookie management, but lacks published security policies or incident response contacts. Overall, the site is professional, trustworthy, and well-maintained, serving its public sector role effectively.

Jasnet, spol. s r.o. is a small Czech Republic-based company specializing in graphic design, multimedia presentations, IT hardware and software sales, network management, and production and advertising services. Their website presents a clear overview of their business offerings and contact information, targeting local businesses and organizations in need of multimedia and IT solutions. The company appears to be a local service provider with a focus on creative and technical services. Technically, the website uses Google Tag Manager and Google Analytics for tracking and marketing purposes, but lacks advanced technical frameworks or CMS platforms. The site is accessible without any WAF or security challenges, but lacks modern security headers and visible SSL configuration details. The website design and content quality are basic, with no detected forms or advanced user interaction features. From a security perspective, the absence of WHOIS data reduces transparency and trust slightly, although the website provides detailed contact information and company registration numbers. No privacy, cookie, or terms of service policies are present, indicating gaps in compliance with GDPR and other privacy regulations. The security posture is moderate but could be improved by implementing HTTPS, security headers, and publishing privacy-related policies. Overall, the website is functional and safe for general audiences but would benefit from enhanced security measures, privacy compliance, and improved technical implementation to increase trust and professionalism.

H

Hospic sv. Štěpána Litoměřice

prohospic.cz

42

The website prohospic.cz represents a small non-profit hospice organization based in Litoměřice, Czech Republic, focused on providing home-based palliative care for terminally ill patients. It serves as an informational and donation platform, targeting local donors and families seeking hospice services. The site is professionally designed with consistent branding and clear donation options, including detailed explanations of donation impacts. Technically, the site uses a custom CMS by Jasnet, with common JavaScript libraries such as jQuery and Modernizr, and integrates Google Analytics and Tag Manager for visitor tracking. Mobile optimization and user experience are good, though some technical debt is present due to outdated libraries. Security posture is moderate; HTTPS is implied but no explicit security headers were detected, and the use of outdated jQuery versions poses potential risks. Privacy compliance is basic but includes a cookie consent mechanism and a privacy policy page. No terms of service or incident response policies are published, which could be improved. Overall, the domain registration data is consistent and supports the legitimacy of the organization. Strategic improvements in security and compliance would enhance trust and resilience.

P

Planet Ocean Hosting GmbH

planet-ocean-hosting.com

49

Planet Ocean Hosting GmbH is a German hosting provider with over 20 years of experience offering a broad range of internet services including web hosting, email hosting, managed servers, and communication platforms such as Matrix chat and Jitsi videoconferencing. The company targets startups and established businesses seeking reliable and privacy-conscious hosting solutions, emphasizing German data protection standards and green energy usage. The website is professionally designed, built on WordPress, and optimized for mobile devices with clear navigation and relevant content. Technically, the site uses modern libraries and privacy-respecting analytics (Matomo), but lacks a cookie consent mechanism and explicit security policies. Security posture is good with HTTPS enabled and no visible vulnerabilities, though security headers and incident response information are absent. WHOIS data is consistent with the business claims, showing no privacy protection and matching nameservers, indicating legitimacy. Overall, the site is trustworthy and professional but could improve privacy compliance and security transparency.

F

FW Africa

foodbusinessafrica.com

47

Food Business Middle East & Africa, operated by FW Africa, is a leading media publication and event organizer focused on the food and beverage industry across Africa and the Middle East. The website serves as a comprehensive platform providing industry news, insights, and advertising opportunities targeting business owners, CEOs, and professionals in the sector. It holds a strong market position as the No.1 food and beverage industry magazine and website in the region, supported by a consistent brand presence and professional content quality. Technically, the website is built on WordPress using the Pressbox theme and Divi Builder framework, integrating modern technologies such as Google Tag Manager, Google Analytics, Matomo Analytics, and advanced advertising plugins. The site demonstrates good performance, mobile optimization, and SEO practices, ensuring a positive user experience and accessibility. From a security perspective, the site enforces HTTPS with strong SSL configuration and includes essential security headers. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms implemented. However, explicit security policies, incident response contacts, and vulnerability disclosure mechanisms are absent, representing areas for improvement. Overall, the website presents a low-risk profile with a mature digital presence, though the lack of WHOIS data and some security policy disclosures slightly reduce trustworthiness. Strategic recommendations include publishing security and incident response policies, adding vulnerability disclosure information, and enhancing transparency around data protection officers to strengthen compliance and trust.

N

Nikodémova noc - Pokyny

nikodemovanoc.sk

41

Nikodémova noc is a Slovak non-profit pastoral project affiliated with the Catholic Church, focused on organizing night adoration events to facilitate spiritual encounters with Jesus Christ. The website serves as an informational and organizational platform for local parishes to participate and promote these events. The project targets church attendees and the broader public interested in spiritual activities, operating primarily within Slovakia and neighboring countries. The domain is well-established since 2012 with consistent registration data and DNSSEC enabled, indicating a legitimate and stable online presence. Technically, the website uses basic web technologies including HTML, CSS, and older versions of JavaScript libraries such as jQuery 1.4.1 and Fancybox 1.3.0. Hosting appears to be provided by Websupport.cz. The site shows moderate performance and basic mobile optimization but lacks modern frameworks or CMS platforms. SEO and accessibility features are minimal but functional. Security posture is moderate with DNSSEC enabled but lacks visible security headers and uses outdated JavaScript libraries that may expose vulnerabilities. The login form for program management lacks visible advanced security features. Privacy and compliance are weak, with no privacy policy, cookie policy, or GDPR compliance indicators present on the site. No contact emails or phone numbers are provided, only a login form for authorized users. No incident response or security policy information is available. The site content is safe, religious in nature, and suitable for general audiences without any adult or questionable content. Overall, the website is functional and serves its niche purpose but requires improvements in security, privacy compliance, and modernization of technical components to enhance trust and resilience against vulnerabilities.

Mouser.cz is a small Czech IT service provider specializing in custom development and management of enterprise information systems, web applications, and network infrastructure. The company offers services including domain registration, web hosting management, LAN network construction, and computer repairs. The website clearly states it is not affiliated with the global Mouser Electronics company, reducing brand confusion. The technical infrastructure is based on PHP, MySQL, HTML5, and JavaScript, hosted likely with WEDOS, a Czech hosting provider. The website is basic in design and content, with minimal SEO and accessibility features. Security posture is weak, with no detected HTTPS or security headers, and no published privacy or cookie policies, indicating compliance gaps. Contact information is clearly provided, but no forms or social media presence is evident. Overall, the site is functional but lacks modern security and privacy best practices.

S

Společnost katolického apoštolátu (Pallotini)

pallotini.cz

47

The website represents the Society of the Catholic Apostolate (Pallotini), a religious non-profit organization founded in 1835. It provides information about the organization's mission, global presence, and apostolic activities including parish work, education, healthcare, and social outreach. The site targets Catholic faithful and those interested in religious apostolate work. Technically, the site uses a custom PHP-based CMS with legacy JavaScript libraries such as jQuery 1.4.1 and basic CSS styling. Hosting is likely provided by Active24, consistent with the domain registrar data. Security posture is moderate with no visible HTTPS confirmation or security headers in the provided data, and outdated JavaScript libraries present potential vulnerabilities. Privacy and cookie policies are absent, indicating compliance gaps with GDPR. Contact information is clearly provided with physical addresses, phone numbers, and a company email. Overall, the site is functional and informative but would benefit from technical modernization and improved security and privacy compliance.

The website 'Monastery Tourism' operated under the domain klasternituristika.cz is a niche platform focused on religious and pilgrimage tourism primarily in the Czech Republic. It offers information on pilgrimage sites, accommodation, places of interest, and pilgrimage routes, targeting pilgrims and tourists interested in Christian historical monuments and faith-based travel. The business model revolves around providing informational content and booking capabilities, supported by user registration and login features. The site has been active since 2015, indicating a mature presence in its niche market. Technically, the website employs a combination of legacy and modern web technologies including jQuery, Bootstrap 3, Leaflet.js for mapping, and the Nette PHP framework. It integrates Matomo analytics for user tracking and uses HTTPS for secure communication. The site is moderately optimized for mobile devices and SEO, with a good user experience and clear navigation. However, some technical improvements are recommended, such as updating libraries and enhancing accessibility. From a security perspective, the site uses HTTPS and secure forms but lacks visible security headers like CSP or HSTS, which are important for modern web security. No privacy or cookie policies are present, which is a compliance gap especially under GDPR. The absence of incident response contacts and security policies reduces transparency. The domain WHOIS data is consistent and trustworthy, with no suspicious patterns detected. Overall, the website is functional and professional but would benefit from enhanced privacy compliance, improved security headers, and clearer policy disclosures to strengthen trust and regulatory adherence.

The website for stlchess.club currently serves only a 404 error page indicating that the domain is pointed to WP Engine hosting but is not configured for an active site. The domain is registered to the Saint Louis Chess Club in the US, created in 2022, and appears legitimate. However, no business content, contact information, or policies are present on the site, preventing a full assessment of business operations or services. The technical infrastructure includes Cloudflare DNS and analytics, with hosting on WP Engine, but the site lacks configuration and content delivery. Security posture is minimal with no security headers or privacy policies detected, and the site does not implement GDPR compliance mechanisms. Overall, the site is non-functional and provides no user or business value in its current state.

H

Hospic sv. Štěpána, z.s.

hospiclitomerice.cz

45

Hospic sv. Štěpána Litoměřice is a well-established non-profit healthcare organization providing comprehensive hospice and palliative care services in the Czech Republic since 2004. The website serves as an informative platform for patients, families, healthcare professionals, and donors, detailing services such as inpatient care, home hospice, counseling, and educational programs. The organization maintains a strong community presence and partnerships with governmental and charitable entities. Technically, the website is built on ASP.NET WebForms with modern JavaScript libraries and integrates Google Analytics and Facebook Pixel for user tracking. The site is mobile-optimized and professionally designed, offering a good user experience. Security posture is adequate with HTTPS enforced and secure form handling, though it lacks some advanced security headers and a published vulnerability disclosure policy. Privacy compliance is partial, with a cookie consent mechanism present but no explicit privacy or terms of service pages. Overall, the site is trustworthy and credible, reflecting the organization's mission and operational maturity.

W

WOSZ FAN SHOP

wosz-fan-shop.de

43

Wosz Fan Shop is a German-based e-commerce retailer specializing in sports fan merchandise and team sports apparel, featuring well-known brands such as Puma, Jako, Craft, Erima, and Hummel. The website targets sports teams, clubs, and fans primarily within Germany, offering a broad catalog of products including jerseys, balls, accessories, and team outfitting solutions. The business operates on the PrestaShop platform, leveraging standard e-commerce modules and security features like Google reCAPTCHA to protect user interactions. The site is secured with HTTPS and presents a professional design with clear navigation and mobile optimization. From a security perspective, the website demonstrates good practices such as HTTPS enforcement and form protection via reCAPTCHA. However, it lacks explicit security headers and a cookie consent mechanism, which are important for GDPR compliance and enhanced security posture. No critical vulnerabilities or exposed sensitive data were detected in the provided content. The WHOIS data aligns with the website's business claims, showing consistent domain registration without privacy protection, which supports legitimacy. Overall, the website is functional, secure, and professionally presented, though improvements in privacy compliance and security headers would strengthen its posture. There are no indications of adult or unsafe content, making it suitable for a general audience. The business credibility is supported by clear contact information and brand partnerships, though explicit email contacts are not visible in the analyzed content.

A

Association Francophone des Soins Oncologiques de Support

afsos.org

42

The Association Francophone des Soins Oncologiques de Support (AFSOS) is a French non-profit organization dedicated to promoting knowledge and implementation of supportive oncology care. The website serves both healthcare professionals and the general public, providing educational resources, guidelines, congress information, and patient support tools. It holds partnerships with reputable French health institutions, enhancing its credibility and market position within the healthcare sector in France. The organization appears to be small-sized and founded around 2019, focusing on oncology supportive care education and advocacy. Technically, the website is built on WordPress with modern plugins and integrations such as Google Maps, Stripe for payments, and Google reCAPTCHA for security. The site is mobile-optimized, uses HTTPS, and includes SEO and accessibility features, though accessibility could be improved. Performance is moderate, and the design is professional and consistent with the brand. Security posture is good with HTTPS, secure payment integration, and anti-bot measures, but lacks some security headers and explicit privacy and terms of service pages. WHOIS data is unavailable, which slightly reduces domain trustworthiness. Overall, the site is safe, professional, and trustworthy, with moderate user tracking via analytics and social pixels. Recommendations include publishing a comprehensive privacy policy and terms of service, adding security headers, improving accessibility, and providing incident response contacts to enhance compliance and trust.

B

BlockMark Technologies Ltd

blockmarktech.com

48

BlockMark Technologies Ltd operates a specialized certificate management platform called BlockMark Registry, targeting organizations and individuals involved in certification processes. The company leverages cloud and blockchain technologies to provide secure, efficient, and user-friendly digital certificate issuance, management, and verification services. With a growing user base and extensive certificate records, BlockMark positions itself as a trusted player in the digital credential space. Technically, the website is built on WordPress with modern SEO and security plugins, including Yoast SEO and Google reCAPTCHA. The site is well-structured, mobile-optimized, and integrates analytics for performance monitoring. However, some security headers are missing, and cookie consent mechanisms are not explicitly implemented, which could be improved for better compliance. Security posture is solid with HTTPS enforced and anti-bot protections in place, but the absence of published security policies and incident response information limits transparency. The WHOIS data is unavailable, which slightly reduces trust but is mitigated by clear company registration details and active social media presence. Overall, the website and business demonstrate a professional and credible presence with room for enhancement in privacy compliance and security transparency.

T

theTribe

advenir.mobi

45

Advenir.mobi is the official website for the Advenir program, a French national initiative led by Avere-France to finance electric vehicle charging infrastructure. The program targets individuals, professionals, and public entities, providing financial incentives to accelerate the deployment of EV charging points across France. The website offers comprehensive information about the program, including eligibility, project definition, installer directories, and news updates. Technically, the site is built on WordPress with modern frameworks like Bootstrap and uses SEO best practices, accessibility features, and cookie consent mechanisms. Security posture is generally good with HTTPS and consent management, but the domain's expired status and lack of DNSSEC are notable risks. Overall, the site is professional, trustworthy, and well-positioned to serve its audience, though domain renewal is critical to maintain trust and availability.

N

netzGiraffe

netz-giraffe.de

38

netzGiraffe is a German-based digital agency specializing in web development, e-commerce solutions, and online strategy consulting. The company leverages popular CMS platforms such as WordPress, Drupal, and TYPO3, alongside e-commerce systems like Prestashop, Woocommerce, and Shopware. They also develop custom portals using the Symfony framework. The website presents a professional image with clear service offerings and client references, targeting businesses seeking comprehensive online presence and digital solutions. Technically, the site is built on WordPress with modern libraries including jQuery and Bootstrap, and employs SEO best practices via Yoast SEO. Hosting is provided by a German hosting provider, consistent with the company's regional focus. Security posture is solid with HTTPS enabled and spam protection plugins in use, though some security headers and explicit policies are missing. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks cookie consent mechanisms. Overall, the website is well-structured, performant, and trustworthy, reflecting a mature small business digital presence.

Konzertbüro Leipzig, operating under the agency name SADLERMUSIC since 2002, is a small German event management company specializing in organizing live concerts across various genres. The company offers comprehensive services including event planning, PR, technical and gastronomic support, and ticketing. The website is built on WordPress with a focus on event calendar management and SEO optimization, reflecting a moderate level of digital maturity. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks advanced security headers and explicit privacy policies. Overall, the website is professional and functional but could improve in privacy compliance and contact transparency to enhance trust and security.

V

VR Bits GmbH

vrbits.de

44

VR Bits GmbH is a specialized development studio based in Germany, focusing on Virtual Reality, Augmented Reality, and gaming technologies to support digital transformation. Established in 2010, the company positions itself as a pioneer in the German VR scene, offering tailored interactive 3D solutions such as virtual handbooks, showrooms, and trade fair appearances. Their business model is project-based, serving corporate clients seeking innovative digital experiences. The website reflects a professional and consistent brand image with a clear presentation of services and team members. Technically, the site is built on WordPress with modern plugins for caching, lazy loading, and form handling, ensuring good performance and mobile optimization. Security posture is solid with HTTPS and CAPTCHA-protected contact forms, though lacking explicit security policies or vulnerability disclosure mechanisms. Privacy compliance is addressed with a cookie consent banner and a privacy policy page, but terms of service and incident response information are absent. Overall, the site is trustworthy and well-maintained, suitable for its target audience of businesses undergoing digital transformation.

O

OVRLAB GmbH

ovrlab.de

44

OVRLAB GmbH is a pioneering joint-venture network of XR experts in Germany, specializing in software development, hardware provisioning, and consulting services focused on virtual and mixed reality technologies. The company targets B2B clients seeking innovative XR solutions and digital transformation support. Their market position is strong within the German XR scene, supported by partnerships with regional technology firms. Technically, the website is built on WordPress using WPBakery and Yoast SEO, showing moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced but lacks advanced security headers and explicit incident response information. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the website is professional and trustworthy but could improve in security and privacy transparency.

S

Schaubühne Lindenfels Leipzig

schaubuehne.com

47

Schaubühne Lindenfels Leipzig is a cultural venue in Germany offering theater, cinema, concerts, and festival hosting services. The website is professionally designed using TYPO3 CMS and modern frontend technologies, providing a good user experience with clear navigation and mobile optimization. The site integrates Matomo analytics and a cookie consent mechanism, indicating some privacy awareness. However, no explicit privacy policy or terms of service pages were found, which is a compliance gap. The domain WHOIS data is missing or unavailable, which raises concerns about domain registration legitimacy despite the professional website content. Overall, the site is safe and trustworthy for general audiences but would benefit from improved transparency and security disclosures.

S

Stadtgeschichtliches Museum Leipzig

stadtgeschichtliches-museum-leipzig.de

44

The Stadtgeschichtliches Museum Leipzig operates as a public cultural institution focused on preserving and presenting the history and culture of Leipzig through multiple museum houses and exhibitions. The website serves as an information portal for visitors, educators, and researchers, offering details on exhibitions, events, educational programs, and access to collections. The museum holds a solid regional position with a clear target audience including the general public and educational sectors. Technically, the website is built on TYPO3 CMS, a robust open-source content management system, and hosted via Ordergate. The site demonstrates good mobile optimization, clear navigation, and solid SEO practices, though performance is moderate. The absence of advanced analytics or tracking tools suggests a privacy-conscious approach. From a security perspective, the site enforces HTTPS but lacks several security headers and does not publicly disclose security policies or incident response procedures. No cookie consent mechanism was detected, which may be a compliance gap under GDPR. No vulnerabilities or exposed sensitive data were found, indicating a generally secure posture but with room for improvement. Overall, the website is professional, trustworthy, and serves its informational purpose well. Strategic enhancements in privacy compliance, security headers, and incident response transparency would strengthen its security posture and user trust.

Aktepe is a Turkish company specializing in luxury automotive vehicle transformations and systems, offering a wide range of services including VIP vehicle conversions, marine yacht interior design, and jet interior refits. The company positions itself as a premium provider in the transportation sector with a focus on craftsmanship, quality, and innovation. Their digital presence is built on a modern Next.js framework, providing a responsive and visually appealing website experience. The site includes detailed product catalogs, news updates, and a configurator tool, reflecting a mature digital infrastructure. Security posture is adequate with HTTPS and cookie consent mechanisms, though there is room for improvement in publishing explicit privacy and security policies. WHOIS data confirms the legitimacy and consistency of the domain registration with the business profile. Overall, Aktepe demonstrates a strong market position in luxury vehicle customization with a professional online presence.

INSTRAN is an Indonesian online platform dedicated to providing inspiration and information on sustainable transportation development. The website offers a variety of content including news articles, research reports, opinion pieces, campaigns, and discussion forums, targeting a general audience interested in transportation and sustainability. The platform positions itself as a niche media outlet within Indonesia's transportation sector, founded in 2020 and maintained with consistent branding and regularly updated content. Technically, the website is built on WordPress and utilizes common web technologies such as jQuery, Tiny Slider, and Google Translate integration. It is hosted on Niagahoster servers and employs HTTPS for secure communication. The site demonstrates moderate performance and good mobile optimization, though accessibility features are basic. SEO practices are adequately implemented with proper meta tags and structured navigation. From a security perspective, the site benefits from HTTPS and domain transfer protections but lacks DNSSEC and important security headers like Content-Security-Policy. There is no visible privacy policy, cookie consent mechanism, or incident response information, which are gaps in compliance and security best practices. The site uses Google AdSense and Google Tag Manager for advertising and analytics, indicating moderate user tracking without explicit privacy disclosures. Overall, INSTRAN presents a professional and trustworthy platform within its niche but would benefit from enhanced security measures, privacy compliance, and clearer contact information to improve user trust and regulatory adherence.

B

Bismania Community

bismaniacommunity.org

47

Bismania Community is an Indonesian community organization focused on bus enthusiasts, primarily in Java and other Indonesian regions. The website serves as a hub for community engagement, event announcements, merchandise sales, and information sharing related to buses and transportation. The organization aims to unite bus fans and contribute to the advancement of transportation infrastructure and automotive business activities in Indonesia. The website is built on WordPress using Elementor and Yoast SEO, hosted by HOSTINGER operations, UAB. It features a moderate technical infrastructure with good mobile optimization and SEO practices but lacks some advanced security headers and privacy compliance elements. Security posture is adequate with HTTPS enabled and domain transfer protection, but DNSSEC is not enabled and no explicit security policies are published. Overall, the website is trustworthy and professional but would benefit from enhanced privacy and security policies to improve compliance and user trust.

I

Internetseelsorge

internetseelsorge.de

42

Internetseelsorge.de is a German non-profit organization providing free Christian pastoral care and spiritual guidance through mail and chat services. The website targets individuals facing life crises, spiritual questions, or feelings of loneliness, offering confidential and anonymous support. The organization collaborates with recognized Catholic partners, enhancing its credibility and reach within the German-speaking community. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and uses Matomo analytics to respect user privacy. Hosting is provided by kasserver.com, a known hosting provider. Security posture is solid with HTTPS enforced, though improvements in security headers and cookie consent mechanisms are recommended. The website is well-structured, mobile-optimized, and provides clear navigation and service descriptions, supporting a positive user experience. No adult or explicit content is present, making it safe for general audiences.

Z

Zentrum für Berufungspastoral

berufung.org

46

Zentrum für Berufungspastoral is a German non-profit organization dedicated to vocation pastoral care within the Catholic Church. The website provides resources, events, and contact information for diocesan vocation pastoral offices primarily targeting young people and church members in Germany and neighboring countries. The organization has an established presence since 2000, reflected by the domain age and consistent content. Technically, the site runs on TYPO3 CMS version 4.7 with common JavaScript libraries and Google Analytics for tracking, though the CMS version is outdated and may pose security risks. Security posture is moderate with HTTPS enabled and cookie consent implemented, but lacks modern security headers and DNSSEC. Privacy compliance is basic but present, with a privacy policy and cookie banner. Overall, the site is professional, trustworthy, and safe for general audiences.

W

Web Commerce GmbH

digitalpastoral.de

45

Digitalpastoral.de is a German-language digital platform focused on providing resources, networking, and content for Catholic church communities and pastoral workers. The platform serves as a marketplace and knowledge hub for digital church practice, offering articles, event listings, and community engagement tools. It is developed and maintained by Web Commerce GmbH, with affiliations to multiple (Erz-)Bistümer, indicating a trusted position within the church digital ecosystem. The website targets church professionals and digital faith communities, positioning itself as a niche but important resource in the religious digital media space. Technically, the site is built on Edith CMS and leverages modern web technologies including jQuery, Bootstrap, and FontAwesome. It integrates Matomo analytics with privacy-conscious tracking controls and uses HTTPS to secure communications. The site demonstrates good mobile optimization and accessibility features, with a clear navigation structure and professional design. However, some security best practices such as security headers and explicit cookie consent mechanisms are missing, which could be improved to enhance compliance and security posture. From a security perspective, the site shows a moderate maturity level with no visible vulnerabilities or exposed sensitive data. The lack of a published security policy or incident response contacts is a gap in transparency and readiness. Privacy compliance is partial, with a privacy policy present but no cookie consent banner detected. Overall, the domain and hosting infrastructure appear legitimate and consistent with the business claims, with no signs of suspicious WHOIS data or blocking by WAFs. The overall risk assessment is moderate with recommendations to implement explicit cookie consent, add security headers, and publish security and incident response policies to strengthen trust and compliance. The platform is well-positioned as a specialized digital resource for church communities but should address these gaps to maintain and improve its credibility and security posture.

Mikroregion Chrudimsko is a regional government association website serving 29 municipalities in the Pardubice region of the Czech Republic. The site provides information about member municipalities, official notices, financial management, realized projects, and tourism opportunities. It targets local residents, government officials, and tourists interested in the region. The business model is informational and supportive of regional development, with a small organizational size and a founding date consistent with the domain registration. Technically, the website uses a modern tech stack including Bootstrap, jQuery, and various JavaScript libraries for UI enhancements. The site is hosted likely by WEDOS, a Czech hosting provider, and shows moderate performance with good mobile optimization and basic accessibility features. SEO practices are adequate with proper meta tags and Open Graph data. From a security perspective, the site uses HTTPS but lacks visible security headers and published security policies. No forms collect sensitive data, reducing risk, but the absence of privacy and cookie policies indicates compliance gaps with GDPR. No vulnerability disclosures or incident response contacts are provided. The WHOIS data is consistent and trustworthy, with no privacy protection or suspicious patterns. Overall, the website is professional, trustworthy, and well-aligned with its regional government purpose. However, it would benefit from improved privacy compliance, enhanced security headers, and formalized security policies to strengthen its security posture and regulatory adherence.

N

National Heritage Institute (Národní památkový ústav)

zamek-slatinany.cz

43

The website represents the official online presence of the Slatiňany State Chateau, managed by the National Heritage Institute of the Czech Republic. It serves as a cultural heritage and tourism portal providing detailed visitor information, historical context, event announcements, and online ticketing options. The site targets tourists and cultural enthusiasts interested in historic sites and government-managed heritage locations. The business model is governmental and non-profit, focusing on preservation and public engagement. Technically, the website employs a modern tech stack including jQuery, Leaflet.js for maps, Google Analytics and Tag Manager for analytics, and uses Typekit and Google Fonts for typography. The site is hosted by REG-WEBGLOBE and uses HTTPS with cookie consent mechanisms that allow granular user control, indicating a mature digital infrastructure. Mobile optimization and accessibility are well addressed. From a security perspective, the site uses HTTPS and cookie consent but lacks explicit security policy pages and incident response contacts. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data is consistent with the business claims, showing a domain age appropriate for the institution. Overall, the site demonstrates a good security posture but could improve transparency on security policies. The overall risk is low given the official nature and absence of suspicious elements. Strategic recommendations include publishing a dedicated privacy policy on the main domain, adding security headers, and providing incident response contact details to enhance trust and compliance.

N

Nadace sester Boromejek

nadacesesterboromejek.cz

47

Nadace sester Boromejek is a Czech non-profit foundation dedicated to supporting individuals and organizations committed to helping others, particularly through the activities of the Boromejka sisters. The foundation facilitates financial and material donations, supports social and ecological projects such as the Hangáry Goretti initiative, and provides assistance to various charitable organizations. The website is professionally designed using WordPress with Elementor and Astra theme, featuring clear navigation and calls to action for donations. Social media presence on Facebook, Instagram, and YouTube enhances outreach and trust. Technically, the website employs modern web technologies and includes Google Analytics and Cookiebot for analytics and privacy compliance. The site is mobile-optimized and uses HTTPS, ensuring secure communication. However, explicit security headers are not fully implemented, and no detailed security or incident response policies are publicly available. The absence of WHOIS data for the domain reduces trustworthiness from a registration perspective, though the website content and social media presence suggest legitimate operations. Overall, the security posture is moderate with room for improvement in security headers and transparency. Privacy compliance is good with cookie consent mechanisms in place. The lack of explicit contact information and WHOIS data are notable gaps. Strategic recommendations include enhancing security headers, publishing detailed security and privacy policies, and verifying domain registration details to improve trust and compliance.

K

Křižovnické lesy, s.r.o.

krizovnickelesy.eu

49

Křižovnické lesy, s.r.o. is a Czech forestry management company founded in 2015, managing forest assets owned by the Rytířský řád Křižovníků s červenou hvězdou. The company operates across multiple regions in the Czech Republic, focusing on sustainable forest management and timber supply, with certifications such as PEFC and participation in FSC. The website is built on WordPress using a standard theme, with moderate performance and basic mobile optimization. Security posture is adequate with HTTPS enabled but lacks advanced security headers and policies. Privacy and cookie policies are absent, indicating compliance gaps. Contact is primarily via a contact form on a dedicated page. Overall, the site presents a professional and trustworthy image consistent with a small regional forestry business.

SFMCON.dk is a professional consultancy specializing in smart ticketing and Mobility as a Service (MaaS) solutions primarily targeting public transport stakeholders. Founded by Søren H. Sørensen in 1998 and based in Copenhagen, Denmark, the company offers expert consulting and program management services to facilitate integrated mobility solutions combining public and private shared vehicles. The website reflects a niche market position with clear service offerings and a professional presentation. Technically, the website is built on WordPress using the Divi theme, incorporating standard web technologies such as jQuery and Google Fonts. The site is moderately optimized for performance and mobile use but lacks advanced SEO and accessibility features. No analytics or tracking services are detected, indicating minimal user tracking. From a security perspective, the site uses HTTPS but lacks DNSSEC and important security headers, which lowers its security posture. There are no visible privacy, cookie, or incident response policies, which impacts compliance and user trust. The domain WHOIS data is consistent and transparent, supporting legitimacy. Overall, the website is functional and professional but would benefit from enhanced security practices, privacy compliance measures, and improved technical optimization to strengthen trust and user experience.

I

Industry 5.0 konverents - Industry 5.0

industry40.ee

45

Industry 5.0 is a specialized conference website focused on enhancing the competitiveness of Estonian industrial enterprises through innovation, AI, sustainability, and export strategies. The event is scheduled for May 14, 2025, in Tartu, Estonia, targeting manufacturing professionals, government, and educational sectors. The website is built on WordPress with modern plugins such as Yoast SEO, Elementor, and Google Analytics integration, reflecting a moderate level of digital maturity. Security posture is adequate with HTTPS enabled but lacks DNSSEC and security headers, and there are no visible privacy or cookie policies, indicating compliance gaps. Overall, the site is professional and trustworthy but would benefit from enhanced privacy and security measures.

The website at http://ww1.raiamsterdam.nl/ appears to be a minimal content page primarily embedding an iframe from an unrelated external domain with obfuscated tracking parameters. There is no visible business information, contact details, or privacy and cookie policies. The domain uses a 'ww1' subdomain prefix and privacy-protected WHOIS data, which are often indicators of suspicious or temporary sites. The technical infrastructure lacks HTTPS enforcement and security headers, and the embedded iframe content raises concerns about potential malicious or tracking behavior. Overall, the site does not present itself as a legitimate business or service provider and appears to be a proxy or redirect page with advertising and tracking elements.

F

Filip Vlček

vlcoun.cz

44

Vlčoun.cz is a Czech Republic-based informational portal focused on transportation news, including public transit, railways, and infrastructure updates. Founded in 2011 and operated by Filip Vlček, it serves a niche audience of commuters, transport enthusiasts, and professionals. The site offers news articles, schedules, special reports, and advertising opportunities, positioning itself as a trusted source within the Czech transportation sector. The portal maintains active social media profiles on Facebook and Instagram, enhancing community engagement. Technically, the website runs on an outdated Joomla 1.5 CMS platform, which poses security and maintenance challenges. It uses common web technologies such as jQuery and MooTools, along with Google Analytics and Tag Manager for tracking. The presence of deprecated Flash content and lack of modern security headers indicate technical debt and potential vulnerabilities. Performance and mobile optimization are basic, with room for improvement in accessibility and SEO. From a security perspective, the site benefits from HTTPS and a cookie consent mechanism compliant with EU regulations. However, the absence of a privacy policy, terms of service, and security headers reduces its compliance posture. The outdated CMS and Flash usage increase risk exposure. WHOIS data is consistent and legitimate, supporting the site's credibility. Overall, the security posture is moderate but requires upgrades to meet modern standards. Strategically, Vlčoun.cz should prioritize upgrading its CMS to a supported version, removing deprecated technologies, and implementing comprehensive security headers. Enhancing privacy documentation and improving mobile and accessibility features will boost user trust and compliance. These steps will strengthen the portal's position as a reliable transportation information source in the Czech Republic.

A

Amazing Media, s.r.o.

reportazezprumyslu.cz

44

Reportáže z průmyslu, operated by Amazing Media, s.r.o., is a Czech media platform specializing in industrial sector news, interviews, and magazine publications. The website targets professionals and stakeholders in manufacturing, energy, and transportation industries, providing relevant content and advertising opportunities. The platform maintains a professional digital presence with modern web technologies and social media integration. Technically, the site uses popular JavaScript libraries and frameworks such as jQuery, Bootstrap, and carousel plugins, ensuring a responsive and user-friendly experience. Privacy and cookie policies are implemented with GDPR compliance and user consent mechanisms. Security posture is adequate with HTTPS enforced and no visible vulnerabilities, though security headers and incident response contacts could be improved. The absence of WHOIS data reduces transparency and trust slightly, but the overall business credibility and content quality remain solid. Strategic recommendations include enhancing security headers, publishing vulnerability disclosure information, and improving contact transparency to strengthen trust and compliance.

Č

České dopravní vydavatelství, s.r.o.

dnoviny.cz

42

České dopravní vydavatelství, s.r.o. operates the website www.dnoviny.cz, a professional Czech-language transport and logistics news portal providing weekly publications, industry news, and advertising services. The site targets business professionals, managers, and government officials in the transportation sector. The business model centers on publishing and advertising with additional offerings such as seminars. The website is well-branded, content-rich, and updated regularly, reflecting a medium-sized established media entity in the Czech Republic. Technically, the website employs modern web technologies including Google Analytics, Facebook SDK, and CSS3, with good mobile optimization and SEO practices. The site uses HTTPS with a secure SSL configuration but lacks some security headers and a cookie consent mechanism, which are recommended for enhanced security and compliance. The WHOIS data is unavailable, which limits domain registration trust assessment but the website content and business information appear legitimate. Security posture is moderate with secure forms and no visible vulnerabilities, but improvements are needed in security headers and privacy compliance. No incident response or vulnerability disclosure policies are published. Overall, the site is professional and trustworthy but would benefit from enhanced security and privacy transparency. The overall risk is moderate with no critical issues detected. Strategic improvements in security headers, cookie consent, and domain registration transparency will strengthen trust and compliance.

O

Objedname.cz

buspress.eu

44

BusPress.cz is a specialized online magazine focused on buses and public transportation, primarily serving the Czech Republic and European markets. It provides news, articles, and industry updates related to bus manufacturers, transportation policies, and events. The website is built on WordPress and uses common plugins to enhance user experience and SEO. The content is well-structured and relevant to its niche audience, with a consistent branding approach. However, the site lacks explicit privacy and cookie policies, which impacts compliance and user trust. Technically, the site uses HTTPS and standard web technologies but could improve security headers and update some libraries. No signs of WAF or content blocking were detected, and the site is accessible with no adult or questionable content.

T

TIP Travel a.s.

tiptravel.sk

49

TIP Travel a.s. is a well-established Slovak travel agency specializing in holiday packages, last minute deals, and exotic trips. The company has a strong market presence in Slovakia with over 20 years of operation, offering a wide range of travel services including insurance, loyalty programs, and airport parking partnerships. The website reflects a professional and user-friendly platform targeting general consumers seeking vacation options. Technically, the site uses a modern tech stack including ASP.NET, Vue.js, and integrates multiple analytics and marketing tools such as Google Analytics, Facebook Pixel, and Hotjar. Privacy compliance is robust with a clear cookie consent mechanism and GDPR-aligned privacy policy. Security posture is good with HTTPS enforced and no obvious vulnerabilities, though improvements in security headers and vulnerability disclosure could enhance trust. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.