Security Directory

P

Pineparks Technologies

pineparks.ee

0

Pineparks Technologies is a small Estonian-based technology company specializing in professional web development, e-commerce solutions, software development, mobile app creation, and UX design. The company has a strong market position supported by international awards and a multi-entity presence including domains in Estonia, the UK, and Switzerland.

R

Rail Baltic Estonia

rbestonia.ee

0

Rail Baltic Estonia is a key organization managing the Rail Baltica infrastructure project in Estonia, aiming to establish a green rail connection with Europe. The website reflects a medium-sized government-backed entity focused on transportation infrastructure, providing project updates, career opportunities, and stakeholder information.

The website elsner.at is a parked domain sale page operated by CORNUCOPIAS.COM OÜ, an Estonian company specializing in domain resale. The site offers the domain for sale via well-known domain marketplaces Sedo and DAN.com, highlighting experience and buyer protection programs. The technical infrastructure relies on Amazon S3 and CloudFront CDN, with minimal content and basic design elements such as Google Fonts. However, the site lacks HTTPS support due to an invalid or missing SSL certificate, which significantly impacts security and trust. No privacy, cookie, or terms of service policies are present, and no contact information is provided, limiting user trust and compliance with privacy regulations.

Z

Zone Media OÜ

zone.lv

0

Zone Media OÜ operates the website zone.lv and zone.eu, providing domain registration, web hosting, and cloud services primarily targeting European businesses. With over 25 years of hosting experience and a customer base of nearly 145,000 domains, the company positions itself as a reliable and innovative technology provider. Their offerings include a wide range of domain extensions, WordPress-optimized hosting, and cloud VPS solutions, supported by a proprietary platform called ZoneOS. The website demonstrates strong digital maturity with modern technologies, good SEO practices, and a comprehensive cookie consent mechanism compliant with GDPR. Security posture is robust with HTTPS, SPF, and DMARC configured, though improvements like enabling HSTS and DNSSEC are recommended. Overall, the site is professional, trustworthy, and well-optimized for its target audience.

Z

Zone Media OÜ

zone.lt

0

Zone Media OÜ operates the website zone.lt (redirects to zone.eu) providing domain registration, web hosting, and cloud services primarily targeting European businesses. The company positions itself as a reliable and experienced provider with 25 years of hosting experience and a mature domain. Their offerings include domain registration across a broad range of TLDs, managed cloud servers, WordPress hosting, and AI-assisted website creation tools. The website is professionally designed with clear navigation, mobile optimization, and SEO best practices implemented. Technically, the site uses WordPress CMS with modern JavaScript libraries and plugins, delivering moderate performance and good accessibility. Security posture is solid with HTTPS, SPF, and DMARC policies in place, though improvements like enabling HSTS, DNSSEC, and OCSP stapling are recommended. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms active. The domain registration data is consistent with the business identity, showing no suspicious patterns aside from missing domain locks. Overall, the website is trustworthy, professional, and well-positioned in the European hosting market.

I

Inbank

inbank.eu

0

Inbank operates as an embedded financing platform focused on accelerating sales for merchants and providing tailored financing solutions to consumers across multiple European markets. The company supports a broad range of sectors including retail, eco-friendly products, and automotive financing, positioning itself as a significant player with over 872,000 active contracts and partnerships with more than 6,000 retailers. The website reflects a professional and consistent brand image with clear business information and a user-friendly design. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, styled with Tailwind CSS, and hosted on Amazon AWS infrastructure. While the site performs moderately well and is mobile optimized, it lacks a valid SSL certificate and HTTPS support, which is a critical security flaw. Additionally, no security headers or advanced TLS configurations are present, exposing the site to potential risks. From a security perspective, the absence of HTTPS and security headers significantly lowers the security posture score. Privacy and cookie policies are implemented with consent mechanisms, indicating basic GDPR compliance. Contact information is clearly available, but no explicit security or incident response policies are found. The WHOIS data is consistent with the business claims, supporting domain legitimacy. Overall, the website demonstrates good business credibility and content quality but suffers from critical security shortcomings. Immediate remediation of SSL/TLS issues and implementation of security best practices are recommended to enhance trust and protect users.

The website myzone.app currently serves as a parked domain page indicating that the domain is registered but not linked to any hosting service. It promotes web hosting packages from Zone.eu in multiple languages, targeting domain owners who need hosting services. The site is basic in content and design, with no privacy or cookie policies, no contact information, and no active forms or data collection. Technically, the site uses standard HTML, CSS, and JavaScript but lacks a valid SSL certificate and modern TLS protocols, resulting in no HTTPS support. Security posture is weak due to missing SSL and security headers, although SPF and DMARC records are properly configured. Overall, the site is functional as a parked domain but lacks essential security and compliance features.

The website harno.ee is a government-related domain managed by the Estonian Ministry of Education and Research (Haridus- ja Teadusministeerium) through its EENet network services. It appears to serve as a portal for educational and research network infrastructure in Estonia. However, the website content is currently inaccessible due to a Cloudflare Turnstile captcha security challenge, preventing direct content analysis. The domain is registered consistently with the governmental entity and has a domain age appropriate for its establishment in 2020. Technically, the site is hosted behind Cloudflare with security measures such as HSTS enabled, but it lacks a valid SSL certificate and modern TLS protocol support, resulting in no HTTPS availability. DNS records show a well-configured SPF and DMARC policy, but DNSSEC is not enabled. Performance is slow, and no content or business contact information is visible on the challenge page. Security posture is weak due to missing HTTPS and incomplete security headers, though email security policies are in place. Privacy compliance is poor with no visible privacy or cookie policies. Business credibility is moderate based on domain registration and affiliation with a government entity but is limited by lack of accessible content and contact details. Overall, the site requires improvements in SSL/TLS configuration, enabling DNSSEC, and publishing privacy and cookie policies. The current WAF challenge limits content accessibility and analysis, impacting trust and user experience.

E

Eesti Hariduse Kvaliteediagentuur

haka.ee

0

Eesti Hariduse Kvaliteediagentuur (HAKA) is a government-affiliated Estonian agency specializing in the external quality assessment and accreditation of educational institutions. It operates under the Education and Youth Board and is recognized as a leading competence center in Estonia for education quality assurance. The agency is a member of prominent European quality assurance networks such as EQAR, ENQA, INQAAHE, and EQAVET, reinforcing its credibility and international cooperation. The website provides comprehensive information about its services, quality culture promotion, and training activities targeted at educational institutions, experts, and students.

I

IT Crafters

itcrafters.eu

0

IT Crafters is an online education platform specializing in training individuals to become Java Software Developers within 8 months. Powered by BCS Koolitus, Estonia's largest training company, it offers a comprehensive program including practical projects, mentoring, and employment support. The website is professionally designed with clear navigation and detailed content, targeting aspiring IT professionals, especially those without prior experience. The technical infrastructure leverages modern web technologies and Tilda CMS, with adequate mobile optimization but slower performance. Security measures include HTTPS with modern TLS versions and basic email authentication records, though improvements like HSTS and OCSP stapling are recommended. Privacy and terms of service are clearly provided, supporting GDPR compliance. Overall, the site presents a credible and trustworthy educational service with strong business partnerships and a focus on user engagement and support.

B

BCS Koolitus AS

bcskoolitus.ee

0

BCS Koolitus AS is a well-established Estonian company specializing in IT training and certification services for both IT specialists and general computer users. The company offers a broad range of courses including Microsoft Office, IT infrastructure management, programming languages, and e-learning platforms. Their market position is strong within Estonia, supported by extensive project experience and recognized quality certifications such as the HAKA quality mark. The website reflects a professional and consistent brand image with detailed service descriptions and active client engagement through testimonials and project showcases. Technically, the site is built on WordPress with modern technologies and includes multilingual support, though performance optimization is needed due to slow load times and large page size. Security posture is generally good with HTTPS and OCSP stapling, but improvements are recommended in DNS and email security configurations. Privacy compliance is basic with cookie consent mechanisms and privacy policies present, but GDPR compliance could be enhanced. Overall, the company demonstrates credible business operations with clear contact information and a moderate level of digital maturity.

B

BCS

bcs.ee

0

BCS is a well-established Estonian IT services company founded in 1989, specializing in IT management, cybersecurity, and business IT solutions. The company positions itself as a trusted partner for digital innovation and security, targeting businesses and organizations in Estonia. Their website reflects a mature digital presence with comprehensive service offerings and a focus on cybersecurity through their Infoturbekeskus. Technically, the site is built on WordPress with modern technologies such as TLS 1.3, reCAPTCHA, and LiveChat integration, though performance could be improved due to high resource count and load time. Security posture is solid with proper SSL configuration, SPF and DMARC email protections, and no critical vulnerabilities detected. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy, though terms of service and explicit security policies are not found. Overall, the site demonstrates good business credibility and technical maturity with room for security header enhancements and performance optimization.

T

Toode

toode.ee

0

Toode AS is an established Estonian company specializing in roofing materials, rainwater systems, and roofing accessories, with a history dating back to 1991. The company serves the Baltic region with a medium-sized business model that includes manufacturing, retail, and e-commerce components. Their website reflects a consistent brand presence and targets customers seeking quality roofing solutions. Technically, the site is built on WordPress with a variety of plugins and third-party integrations, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. The security posture is weak due to missing HTTPS, lack of security headers, and no advanced TLS configurations. Privacy compliance is basic with a privacy policy and cookie consent mechanism present but could be enhanced. Overall, the domain and WHOIS data confirm the legitimacy and maturity of the business. Strategic improvements in security and performance are recommended to enhance trust and compliance.

M

Maksekeskus AS

makecommerce.net

0

MakeCommerce is a leading payment solutions provider focused on the Baltic e-commerce market, serving over 6,000 merchants with a comprehensive suite of payment and delivery integration services. The company offers a broad range of payment methods including bank payments, card payments, buy now pay later options, and POS terminals, positioning itself as a key player in the regional e-commerce ecosystem. The website reflects a mature digital presence with professional design, multilingual support, and developer resources facilitating integration with popular e-commerce platforms. However, the absence of a valid SSL certificate and HTTPS support represents a critical security vulnerability that undermines user trust and data protection. While privacy compliance is well addressed through cookie consent mechanisms and a comprehensive privacy policy, the technical security posture requires urgent improvement. Overall, the business appears legitimate and well-established, but the security shortcomings pose a significant risk that should be remediated promptly.

F

Flirtic Llc

face.lv

0

Face.lv is a Latvian language social networking platform operated by Flirtic Llc, based in Estonia. The platform focuses on photo rating and social interaction, boasting a large user base exceeding 687,000 users and over 1.2 million images. It offers features such as user profiles, messaging, photo rating, horoscopes, and quizzes, targeting social network users interested in interactive photo-based engagement. The business model centers on user-generated content and social connectivity within a regional market. Technically, the website employs common web technologies including Bootstrap, jQuery, Google Analytics, Facebook SDK, and third-party marketing tools. Hosting is provided by ratesolutions.eu, and payment processing is handled by Maksekeskus, a trusted partner. Performance is moderate with a page load time of approximately 5 seconds and a page size of about 577 KB. Security posture is weak due to the absence of a valid SSL certificate, lack of HTTPS, missing security headers, and no modern TLS protocols enabled. Privacy compliance is partial with a privacy policy and terms of service present but no cookie consent mechanism despite active tracking scripts. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professionally designed but requires urgent security improvements to protect user data and enhance trust.

L

Luminor

luminorcareers.ee

0

LuminorCareers.ee is a professional career portal for Luminor bank, primarily targeting job seekers in Estonia and the Baltic region. The website offers detailed job listings, employee testimonials, and career-related information, positioning Luminor as an employer of choice in the banking sector. The site leverages modern web technologies and a CMS platform to deliver content but suffers from significant security shortcomings, notably the absence of a valid SSL certificate and HTTPS support. Privacy compliance is well addressed through OneTrust cookie consent and a comprehensive privacy policy. However, the lack of visible contact information and security policies limits transparency. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

A

AS CREDITINFO EESTI

e-krediidiinfo.ee

0

AS CREDITINFO EESTI operates the e-krediidiinfo.ee website, providing comprehensive credit and business information services primarily for Estonian, Lithuanian, and Finnish companies. The platform offers services such as credit risk assessments, monitoring, payment default management, and sanctions screening, targeting businesses seeking to evaluate their partners and clients. The website demonstrates a professional design with clear navigation and relevant content tailored to its target audience. However, the technical infrastructure shows room for improvement, particularly in security and performance aspects. The absence of a valid SSL certificate and HTTPS support is a critical vulnerability that undermines user trust and data security. The site employs modern web technologies and integrates multiple analytics and marketing tools with a compliant cookie consent mechanism, reflecting a moderate level of digital maturity.

L

Luminor Bank AS

luminor.ee

0

Luminor Bank AS operates as a leading financial institution in the Baltic region, offering a comprehensive suite of banking services including payments, loans, savings, investments, and private banking. The website targets both retail and business customers and positions itself as the third largest financial services provider in the Baltics. The digital presence is built on modern web technologies such as React and integrates tools like Google Tag Manager and LiveChat for enhanced user engagement. However, the website suffers from a critical security flaw due to the absence of a valid SSL certificate, exposing users to potential data interception risks. Privacy and cookie policies are well implemented and GDPR compliant, reflecting a strong commitment to user data protection. Overall, while the business credibility and content quality are high, the security posture requires urgent improvement to meet industry standards and protect customer data effectively.

SEB Eesti operates as a major banking institution in Estonia, providing a broad spectrum of financial services including retail, corporate, and private banking. The website reflects a mature and professional digital presence with comprehensive content targeting private individuals and business clients. The technical infrastructure is based on Drupal CMS with modern frontend technologies, offering good mobile optimization and accessibility. However, the security posture is significantly weakened by the absence of a valid SSL certificate and lack of HTTPS support, which is a critical vulnerability for a financial services website. Privacy compliance is well addressed with clear cookie and privacy policies, and the domain registration is consistent and trustworthy. Strategic improvements in SSL/TLS configuration and security headers are urgently recommended to protect user data and maintain trust.

A

AS Creditinfo Eesti

creditinfo.ee

0

AS Creditinfo Eesti operates Estonia's largest and most trusted business information database, offering comprehensive credit information, payment default registers, credit ratings, and business lists. As part of the international Creditinfo Group, it serves a broad audience including businesses and individuals seeking to manage credit risks and make informed financial decisions. The company is well-established with a domain age of 9 years and recognized certifications such as ISO 27001, underscoring its commitment to information security. Technically, the website is built on WordPress with modern JavaScript libraries like jQuery and Slick Carousel, integrated with analytics and marketing tools including Google Tag Manager, Hotjar, and Facebook Pixel. The site demonstrates good SEO and mobile optimization, though performance is moderate and could benefit from further optimization. The hosting and DNS infrastructure is stable but lacks advanced security features like DNSSEC and domain protection locks. Security posture reveals critical issues, notably the absence of a valid SSL certificate, which severely impacts user trust and data protection. While DMARC policies and some best practices are in place, the lack of HTTPS and HSTS headers exposes the site to potential risks. Privacy compliance is strong, with clear cookie consent mechanisms and GDPR adherence. Business credibility is high, supported by clear contact information, social media presence, and trust signals. Overall, the site is functional and professional but requires urgent remediation of SSL/TLS issues to ensure secure communications and maintain trust. Strategic improvements in DNS security and domain management would further enhance its security posture.

D

DA Industries OÜ

digitaladventurers.com

0

Digital Adventurers (DA Industries OÜ) is a small Estonian technology company specializing in website and mobile app development with a focus on the global B2B sector. Their flagship offering includes an AI-powered virtual companion service, Lulu, targeting Portuguese-speaking users via WhatsApp. The company demonstrates expertise in natural language processing, cultural adaptation, and scalable integration. Technically, the website uses modern frontend technologies such as Bootstrap and jQuery and is hosted behind Cloudflare DNS services. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the site's security posture. While SPF and DMARC email protections are configured, the lack of security headers and privacy policies indicates gaps in compliance and best practices. Overall, the business appears legitimate and consistent with WHOIS data, but the website's security and privacy implementations require urgent improvement.

I

If P&C Insurance AS

if.ee

0

If P&C Insurance AS operates the website if.ee, providing a broad range of insurance products and services targeted at both private individuals and business clients in Estonia. The company offers various insurance types including vehicle, home, travel, accident, and pet insurance, positioning itself as a leading insurance provider in the Baltic region. The website is multilingual and designed to facilitate online insurance purchases and claims management, reflecting a mature digital business model. Technically, the site leverages Microsoft Azure DNS, Episerver CMS, and integrates advanced analytics tools such as Microsoft Application Insights and Google Tag Manager. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant security weaknesses that could undermine user trust and data protection. The site demonstrates good compliance with GDPR and cookie regulations, including explicit cookie consent mechanisms and published privacy policies. Contact information is clearly provided, including a company email and phone number, alongside active social media channels. Overall, the website reflects a professional and comprehensive insurance service platform but requires urgent security improvements to ensure safe and trusted user interactions.

C

CryptoProcessing.com

cryptoprocessing.com

0

CryptoProcessing.com is a cryptocurrency payment gateway and processor licensed in Estonia, providing businesses with the ability to accept, store, and send cryptocurrencies including Bitcoin, Ethereum, Litecoin, and over 20 others. The platform offers crypto-to-fiat conversion, enabling merchants to receive payments in fiat currencies while accessing a global crypto user base. With over 10 years of experience and a medium-sized team, CryptoProcessing positions itself as a secure, compliant, and user-friendly payment solution in the fintech and crypto payment processing market. The company is backed by CoinsPaid, a trusted name in the industry, and holds ISO 27001 certification along with independent security audits.

D

Dream Finance OU

coinspaid.com

0

CoinsPaid, operated by Dream Finance OU, is a leading crypto payment processor based in Estonia, founded in 2014. The company offers a comprehensive ecosystem of crypto financial solutions including payment gateways, business wallets, OTC desks, and SaaS products tailored for businesses. It holds a strong market position as the #1 cryptocurrency services supplier according to the EGR B2B Awards 2024 and maintains ISO 27001 certification, reflecting its commitment to security and compliance. The website demonstrates a mature technical infrastructure leveraging WordPress CMS, PHP 8.1, Cloudflare hosting, and modern JavaScript libraries, optimized for performance and mobile experience. Security posture is solid with no known SSL vulnerabilities, use of secure cookies, and compliance with GDPR and AML/KYC regulations. However, improvements such as enabling HSTS and DNSSEC could further enhance security. Overall, CoinsPaid presents a professional, trustworthy, and well-structured digital presence aligned with its business objectives.

The website https://teliatv.ee exhibits a concerning security posture with critical gaps in its security headers, GDPR compliance, and adherence to NIS2 framework requirements. These deficiencies expose the business to regulatory penalties, increased risk of cyberattacks, and potential damage to customer trust. Immediate remediation is essential to mitigate legal and operational risks.

The security assessment of viaplay.ee reveals significant vulnerabilities primarily in web security headers, GDPR compliance, and NIS2 regulatory adherence, resulting in a poor overall security posture. While foundational network and TLS configurations are relatively strong, critical gaps in privacy policies and incident response frameworks pose substantial business and legal risks.