Security Directory

P

Svi odgovori na jednom mjestu - pressrs.ba

pressrs.ba

0

Pressrs.ba is a Bosnian content portal launched in 2021, providing educational and informational articles across various life topics. The website targets a general audience seeking knowledge and answers to everyday questions. Technically, the site is built on WordPress using the Divi theme, leveraging Google Fonts, Google Tag Manager, and Google Adsense for content delivery and monetization. The site demonstrates moderate digital maturity with good mobile optimization and SEO practices but lacks advanced security headers and explicit privacy or cookie policies. Security posture is adequate with HTTPS enabled but could be improved by adding security headers and formal policies. Overall, the site is legitimate and functional but would benefit from enhanced privacy compliance and clearer contact information to improve trust and regulatory adherence.

eNovosti.info is a Serbian language online news portal established in 2007, targeting audiences primarily in Republika Srpska and Serbia. It offers a wide range of news categories including politics, sports, culture, economy, and entertainment. The site is monetized primarily through Google Adsense advertising and uses Google Analytics for visitor tracking. The portal is powered by BitLab CMS and hosted by BitLab services, indicating a partnership with a local technology provider. The website demonstrates good content quality and user experience with clear navigation and mobile optimization, but lacks critical privacy and security features such as HTTPS and privacy policies.

B

BitLab

privreda.org

0

Privreda.org is a regional business portal focused on companies and entrepreneurs in Republika Srpska and the Federation of Bosnia and Herzegovina. Operated by BitLab, the portal provides a categorized business directory, promotional services including company web page creation, advertising on the portal and social media, and additional marketing and hosting services. The website is well-established with a domain age since 2002, indicating a stable market presence. The portal targets local businesses seeking increased visibility and digital presence within the regional market. Technically, the website uses a custom CMS with common web technologies such as jQuery, Bootstrap, Font Awesome, and Slider Revolution. Hosting is provided by BitLab, the same organization listed as the domain registrant, ensuring consistency. The site is moderately performant and mobile optimized, with basic SEO and accessibility features. Advertising is integrated via Google Adsense and Twitter widgets, with minimal user tracking. From a security perspective, the site uses HTTPS and secure form tokens but lacks advanced security headers and DNSSEC. No privacy, cookie, or terms of service policies are published, indicating gaps in compliance and transparency. Incident response and vulnerability disclosure information are absent. The WHOIS data aligns well with the website content and hosting, supporting legitimacy. Overall, the website is a functional and moderately professional business portal with good business credibility but requires improvements in privacy compliance and security best practices to enhance trust and regulatory adherence.

B

BitLab d.o.o.

eposao.info

0

ePosao.info is an established online job board platform founded in 2006, primarily serving the Balkan region including Bosnia and Herzegovina, Serbia, Croatia, and Montenegro. The platform facilitates job seekers and employers by providing job listings, candidate searches, and human resource management tools. The website is developed and hosted by BitLab d.o.o., a regional IT service provider. The platform targets a regional audience with multilingual support and a focus on quick and easy recruitment processes. Technically, the website uses a custom CMS with common web technologies such as jQuery, Bootstrap, and Font Awesome, but includes some outdated components like Flash-based upload plugins and older jQuery versions. Security posture is moderate with HTTPS enabled but lacking modern security headers and DNSSEC. Privacy compliance is weak due to absence of privacy and cookie policies. Contact information is clearly provided, enhancing business credibility. Overall, the website is functional and trustworthy but would benefit from modernization and improved compliance.

The website autoberza.biz serves as an informational platform focused on moving services, specifically targeting local and commercial moving needs in the New Rochelle, Scarsdale, and broader New York City area. It provides blog articles offering advice on selecting moving companies, planning moves, and the benefits of professional movers. The business model appears to be service information and lead generation for moving services, catering primarily to individuals and businesses planning relocations. The site is relatively new, with domain registration dating back to 2021, consistent with a small local service provider. Technically, the website is built on WordPress using the Sparkling theme, leveraging common web technologies such as jQuery, Bootstrap, and FontAwesome. Hosting is provided by Vultr, and the site uses HTTPS, ensuring basic transport security. Performance and mobile optimization are moderate to good, though accessibility and SEO optimizations are basic. The site lacks advanced security headers and DNSSEC, indicating room for improvement in security hardening. From a security perspective, the site has a basic security posture with HTTPS enabled but no additional security headers or published security policies. There are no visible vulnerabilities or exposed sensitive data, but the absence of privacy and cookie policies, contact information, and incident response details reduces compliance and trustworthiness. No analytics or tracking scripts were detected, suggesting minimal user tracking. The domain registration is privacy protected but uses a reputable registrar, with no suspicious patterns detected, supporting legitimacy. Overall, the website is functional and provides relevant content for its target audience but lacks critical compliance and security features. Strategic improvements in privacy compliance, security headers, and contact transparency would enhance trust and security posture, supporting better business credibility and user confidence.

Г

Главна служба ревизије РС

gsr-rs.org

0

The website represents the Supreme Audit Office of the Republic of Srpska, a government institution responsible for auditing public sector entities. It provides comprehensive audit reports, recommendations, and statistical data to promote transparency and accountability. The site targets government officials, auditors, and the general public interested in public sector oversight. The business model is a government service institution with a medium organizational size and a history dating back to 2000. Technically, the website is built on WordPress with modern frameworks like Bootstrap and includes accessibility enhancements via the Readabler plugin. It uses Google Tag Manager for analytics and tracking. The site is mobile-optimized and well-structured with good SEO and accessibility features. From a security perspective, the site uses HTTPS and has domain transfer protections but lacks DNSSEC and security headers. There is no visible security policy or incident response contact information, which could be improved. Privacy compliance is partially met with a privacy policy but lacks a cookie consent mechanism. Overall, the website is trustworthy, professional, and serves its government audit function well. Strategic improvements in security headers, DNSSEC, and privacy consent would enhance its security posture and compliance.

N

NALAS

nalas.eu

0

NALAS is a well-established non-profit network representing local authorities across South-East Europe, coordinating regional initiatives and promoting decentralisation and European integration. The website is professionally designed using WordPress, with good mobile optimization and clear navigation. However, it lacks explicit privacy and cookie policies, which are critical for GDPR compliance. Security posture is solid with HTTPS but could be improved by adding security headers and incident response information. Contact information is limited to a newsletter subscription form, which restricts direct communication channels. Overall, the site reflects a credible and trustworthy organization with room for compliance and security enhancements.

D

Delegation of the European Union to Bosnia and Herzegovina & European Union Special Representative in Bosnia and Herzegovina

europa.ba

0

The Delegation of the European Union to Bosnia and Herzegovina serves as the official representation of the EU in Bosnia and Herzegovina, providing comprehensive information on EU activities, projects, and policies in the country. The website is professionally designed, well-structured, and targets a broad audience including citizens, media, and stakeholders interested in EU-Bosnia relations. Technically, the site is built on Drupal 10 with modern web standards, ensuring good performance, mobile responsiveness, and accessibility. Security posture is strong with HTTPS enforced and standard security headers likely in place, although explicit security policies and incident response details are not published. Privacy compliance is robust, featuring clear privacy and cookie policies with consent mechanisms aligned with GDPR. The domain is part of the official europa.eu space, managed by EU authorities, ensuring high legitimacy despite the absence of WHOIS details due to privacy policies. Overall, the site reflects a mature, trustworthy, and authoritative EU governmental presence in Bosnia and Herzegovina.

S

Sveriges Kommuner och Regioner

skr.se

0

Sveriges Kommuner och Regioner (SKR) is a well-established Swedish government-related membership and employer organization representing all municipalities and regions in Sweden. The organization provides policy development, employer services, research, and member support to enhance welfare services. The website reflects a mature digital presence with a clear focus on public sector stakeholders in Sweden. Technically, the site uses modern JavaScript frameworks including React and jQuery, hosted on Basefarm infrastructure with SiteVision CMS. Analytics are implemented via Piwik Pro with a cookie consent mechanism ensuring GDPR compliance. Security posture is good with HTTPS enforced and no exposed sensitive data, though DNSSEC is not enabled and some security headers are missing. Contact information is clearly provided, and the site maintains a professional and trustworthy appearance.

The European Platform of Transport Sciences (EPTS Foundation e.V.) operates as a non-profit organization dedicated to advancing transport sciences across Europe. Their website highlights key activities such as organizing the European Transport Congress and publishing the open-access European Transport Studies journal in collaboration with Elsevier. The target audience primarily consists of transport scientists, academics, and professionals interested in sustainable mobility and transport research. The organization positions itself as a reputable platform fostering scientific discourse and collaboration in the transport sector. Technically, the website is built on the Contao Open Source CMS and leverages several JavaScript libraries including jQuery, jQuery UI, MediaElement.js, Colorbox, and Swipe.js to enhance user experience. The site is moderately optimized for mobile devices and presents a clear navigation structure. However, some SEO and accessibility features could be improved. The website uses HTTPS as indicated by the base URL, but lacks visible security headers which could enhance its security posture. From a security perspective, the site shows no signs of blocking or WAF interference and does not expose sensitive data. However, it lacks a cookie consent mechanism and visible security policies such as incident response or vulnerability disclosure. The WHOIS data is not publicly available due to EURid privacy policies, but this is typical for European domains and does not raise immediate concerns. Overall, the site demonstrates a moderate security posture with room for improvement in compliance and transparency. The overall risk assessment is low, with recommendations focusing on enhancing security headers, implementing cookie consent for GDPR compliance, publishing clear security policies, and improving accessibility and SEO. These steps would strengthen trust and compliance while supporting the organization's mission in transport sciences.

Open SDG is an open source platform developed and maintained by the Office for National Statistics in the UK, focused on managing and publishing data related to the UN Sustainable Development Goals. The platform targets governments, localities, and organizations involved in SDG data management, offering flexible, customizable tools and comprehensive documentation. The website is professionally designed using modern static site generation technology (Jekyll) and hosted on AWS infrastructure, ensuring good performance and mobile optimization. Analytics tools such as Google Analytics and Hotjar are used with cookie consent mechanisms in place, although privacy policy and terms of service pages are not present. Security posture is strong with HTTPS enforced and domain registration consistent with the official government entity, but could be improved by enabling DNSSEC and adding security headers. Overall, the website is trustworthy, professional, and serves a niche government/non-profit sector audience effectively.

T

Thüringer Landtag

thueringer-landtag.de

0

The Thüringer Landtag website serves as the official digital presence of the state parliament of Thuringia, Germany. It provides comprehensive information about parliamentary activities, members, committees, legislation, events, and public participation mechanisms such as petitions and discussion forums. The site targets citizens, media, and political stakeholders, positioning itself as a trusted government information portal. Technically, the site is built on TYPO3 CMS with modern responsive design and accessibility features, hosted likely by Deutsche Telekom infrastructure. Security posture is solid with HTTPS and basic security headers, though explicit privacy and cookie policies are missing, which is a compliance gap. Social media presence is focused on Mastodon and mainstream platforms, enhancing outreach. Overall, the site is professional, trustworthy, and well-maintained but could improve privacy transparency and security disclosures.

N

Niedersächsische Landeszentrale für politische Bildung

politische-medienkompetenz.de

0

The website politische-medienkompetenz.de is an educational platform operated by the Niedersächsische Landeszentrale für politische Bildung, a governmental institution in Germany focused on political media literacy. It provides free educational materials, tools, and thematic content aimed at educators, youth, and individuals interested in political media competence. The platform holds a strong regional position as an authoritative source for political education in Lower Saxony. Technically, the site is built on TYPO3 CMS, a robust open-source content management system, hosted on servers managed by agenturserver. The site demonstrates good mobile optimization, accessibility, and SEO practices, with structured navigation and meta tags for social sharing. Performance is moderate, with no evident technical debt or vulnerabilities in the visible code. From a security perspective, the site uses HTTPS and implements secure forms with CSRF protections. However, it lacks explicit security headers and a cookie consent mechanism, which are recommended for enhanced security and GDPR compliance. No incident response or vulnerability disclosure policies are published, which could improve trust and security posture. Overall, the website is professional, trustworthy, and safe, with a strong focus on educational content. Strategic improvements in security headers, cookie consent, and transparency around security policies would further enhance its compliance and security maturity.

The website www.oekolandbau.de is a comprehensive, government-backed information portal dedicated to organic farming and bio-food in Germany. It is operated under the auspices of the Bundesanstalt für Landwirtschaft und Ernährung (BLE) and supported by the Bundesministerium für Landwirtschaft, Ernährung und Heimat (BMLEH). The portal offers extensive educational content, market updates, research findings, and regional initiatives to promote sustainable and organic agriculture. Its target audience includes consumers, farmers, educators, researchers, and policymakers interested in organic agriculture and bio-food sectors. The site is well-branded, consistent, and trusted due to its government affiliation and authoritative content. Technically, the website is built on TYPO3 CMS with Yoast SEO integration and uses Matomo for privacy-conscious analytics. The site is mobile-optimized, accessible, and SEO-friendly, with a moderate performance profile. It employs HTTPS with good SSL configuration and includes a cookie consent mechanism respecting Do Not Track signals. However, explicit security headers and published security policies are absent, representing an area for improvement. From a security perspective, the site demonstrates good practices such as secure form handling and no exposed sensitive data. The privacy policy and cookie consent are comprehensive and GDPR compliant. No vulnerabilities or suspicious content were detected. The WHOIS data aligns with the website's government nature, though DNS servers are managed by third parties, which is not uncommon for government sites. Overall, the website presents a low-risk profile with strong business credibility and privacy compliance. Strategic recommendations include enhancing security headers, publishing incident response information, and adding a vulnerability disclosure policy to further strengthen trust and security posture.

The Bundesverband Alternative Investments e.V. (BAI) is a German association representing the interests of the alternative investments sector. The website serves as a professional platform offering advocacy, publications, events, and member services targeted at professionals and organizations involved in alternative investments within Germany. The association holds a strong market position as a leading industry body in this niche. Technically, the website is built on TYPO3 CMS, featuring a modern and responsive design with good SEO and mobile optimization. Security posture is solid with HTTPS enforced, though some improvements are recommended such as adding cookie consent mechanisms and security headers. Overall, the site reflects a credible and professional organization with active engagement through events and publications.

R

Resurs Bank AB (publ)

resurs.com

0

Resurs Bank AB (publ) is a well-established Swedish financial institution offering a broad range of consumer and corporate financial services including savings accounts, loans, credit cards, factoring, payment solutions, and insurance. The website is professionally designed, mobile-optimized, and provides clear navigation and comprehensive content tailored to private individuals and businesses in Sweden. The company positions itself as a trusted partner to help customers manage their everyday finances with flexible and accessible financial products. Technically, the website leverages modern web technologies such as React, AWS S3 for media hosting, Google Tag Manager for analytics, and Google reCAPTCHA v3 for bot protection. The site demonstrates good performance, accessibility, and SEO practices, indicating a mature digital infrastructure. Security measures include HTTPS enforcement, security headers, and user education on fraud prevention. The security posture is strong with no evident vulnerabilities or exposed sensitive data. Privacy compliance is robust with clear privacy and cookie policies and consent mechanisms aligned with GDPR requirements. However, explicit incident response contacts and vulnerability disclosure policies are not publicly available, representing an area for improvement. Overall, the website and business present a low-risk profile with high trustworthiness and professionalism. The absence of WHOIS data for the www subdomain is noted but does not detract from the legitimacy of the root domain and business operations. Strategic recommendations include enhancing transparency around security incident handling and publishing a vulnerability disclosure policy to further strengthen trust and security culture.

N

NOBA Bank Group AB

noba.bank

0

NOBA Bank Group AB is a leading European specialist bank founded in 2003, offering consumer credit, cards, savings, mortgages, and equity release loans. It operates through subsidiaries including Nordax Bank, Bank Norwegian, and Svensk Hypotekspension across eight countries, serving over two million customers. The website is built on modern technologies such as React and Next.js, hosted on Vercel, and managed via Sanity CMS, reflecting a mature digital infrastructure with excellent performance and mobile optimization. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though explicit security headers and privacy policies are missing, representing areas for improvement. Overall, the website demonstrates high professionalism and trustworthiness, with comprehensive investor relations and sustainability information, but lacks some compliance disclosures. Strategic recommendations include adding privacy and cookie policies, security headers, and a vulnerability disclosure page to enhance compliance and security transparency.

M

Morrow Bank

morrowbank.com

0

Morrow Bank is a Nordic financial institution with a presence in Norway, Sweden, and Finland, operating through country-specific domains. The website serves primarily as a landing page directing users to localized banking sites. The technical infrastructure is modern, leveraging Next.js and React frameworks, and hosted on Microsoft Azure DNS services. The site is mobile optimized with good navigation and professional design, although content is minimal on the landing page. Security posture is moderate with HTTPS implied but lacking DNSSEC and security headers. Privacy and cookie policies are not present, indicating compliance gaps. No contact information or incident response details are provided on this page, limiting transparency. Overall, the domain registration is consistent and legitimate, supporting the bank's credibility.

T

TF Bank AB

tfbank.se

0

TF Bank AB is a Swedish financial institution established in 1987, offering retail banking services primarily focused on savings accounts with competitive interest rates and state deposit guarantees. The bank operates across multiple European countries and is publicly listed on Nasdaq Stockholm, indicating a stable market position and regulatory compliance. The website presents clear, professional content targeting Swedish customers interested in secure savings products. Technically, the site employs modern tracking and consent management tools such as Google Tag Manager, Google Analytics, Cookiebot, and Microsoft Application Insights, hosted on a CMS likely Umbraco, with moderate performance and good mobile optimization. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though improvements could be made by enabling DNSSEC and adding explicit security headers. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR-aligned consent mechanisms. Overall, the site reflects a trustworthy and professional banking service with strong legitimacy indicators from WHOIS data and domain age.

B

Brocc AB

brocc.se

0

Brocc AB is a Swedish fintech company specializing in providing smarter loan and savings solutions tailored to individual customer needs. Their platform offers competitive interest rates, cashback features, and a mobile app for comprehensive financial management. The company positions itself as an innovative player in the Swedish financial services market, targeting consumers seeking flexible and transparent financial products. The website reflects a modern, professional design with clear navigation and strong branding consistency. Technically, the site is built on Gatsby and React, hosted likely on AWS infrastructure, and integrates third-party services such as Google Tag Manager and Trustpilot for analytics and social proof. Security-wise, the site enforces HTTPS and uses BankID for secure login, but lacks DNSSEC and explicit security or incident response policies. Privacy compliance is evident with a comprehensive privacy policy and GDPR adherence, though a cookie consent mechanism is missing. Overall, Brocc demonstrates a mature digital presence with room for improvement in security transparency and privacy controls.

A

Aurora Club

auroraclub.hr

0

Aurora Club is a well-established hospitality and entertainment venue located in Primošten, Croatia, known for its large-scale nightclub facilities, multiple bars, dining options, and event hosting capabilities. The business targets tourists and locals seeking nightlife and party experiences, positioning itself as one of the premier clubs on the Croatian coast. The website reflects a mature digital presence built on WordPress with a modern theme and common plugins, offering good content quality and user experience. Privacy and cookie policies are implemented with consent mechanisms, supporting GDPR compliance. Security posture is adequate with HTTPS and cookie consent but lacks explicit security headers and incident response information. Overall, the site is trustworthy and professionally maintained, with clear contact channels and social media integration.

Kordić Holding is a Croatian company specializing in event management, advertising, ticket distribution, rent-a-car services, and international road transport of passengers and goods. Established in 2015, it holds a strong regional presence, particularly in Southern Croatia, with a diversified service portfolio targeting both business and individual clients. The website reflects a professional business with clear service offerings and client engagement channels including social media and contact forms. Technically, the website uses modern frontend technologies such as Bootstrap, jQuery, Owl Carousel, and FontAwesome, ensuring a responsive and visually appealing user experience. However, there is room for improvement in SEO, accessibility, and performance optimization. The site lacks a CMS indication and advanced analytics tools, suggesting a simpler infrastructure. From a security perspective, the site uses HTTPS and Google reCAPTCHA for form protection but lacks critical security headers and DNSSEC. No privacy or cookie policies are published, indicating compliance gaps with GDPR and related regulations. The WHOIS data is consistent and transparent, supporting the legitimacy of the domain and business. Overall, the website is functional and professional but would benefit from enhanced security measures, privacy compliance, and technical optimizations to improve trust and user experience.

The website 'Aboutbags' serves as a brand selection portal for various luggage and bag brands under the Samsonite IP Holdings umbrella. It provides users with a simple interface to choose among brands such as Tumi, Samsonite, American Tourister, and others, likely targeting consumers interested in travel goods. The site is branded consistently with official logos and a copyright notice referencing Samsonite IP Holdings S.à r.l., indicating a legitimate business association. From a technical perspective, the site uses jQuery and jQuery Modal libraries loaded from an external domain, with basic mobile responsiveness and moderate performance. The HTML structure is valid but minimal, lacking advanced SEO or accessibility features. No CMS or hosting provider information is discernible from the content provided. Security posture is moderate; the site does not expose sensitive data or contain forms collecting personal information, but lacks visible security headers and privacy-related policies. There is no evidence of HTTPS enforcement or SSL configuration details in the provided data. No analytics or tracking scripts are present, indicating minimal user tracking. Overall, the website is safe and appropriate for a general audience, with no adult or questionable content detected. However, the absence of privacy, cookie, and terms of service policies, as well as contact information, limits its compliance and user trust. The domain registration aligns well with the business entity, supporting legitimacy. Strategic improvements in privacy compliance, security headers, and contact transparency would enhance the site's trustworthiness and security posture.

I

interstruct AG

interstruct.com

0

interstruct AG is a Berlin-based digital creative agency specializing in UX/UI design, web development, and digital strategy. The company positions itself as a specialist in transforming complex business challenges into impactful digital platforms, focusing on measurable results and user-centric solutions. Their key services include consulting, concept development, UX/UI design, content creation, technical implementation, and analytics. The website reflects a mature, professional business with a consistent brand and clear market positioning in the technology sector.

S

Sloan Servicing

sloanservicing.com

0

Sloan Servicing is a newly established financial services company specializing in loan servicing solutions. The website is built using modern web technologies, primarily Angular 19, and integrates several marketing and analytics tools such as Pendo, Tealium, Hotjar, and Google Analytics. The technical infrastructure indicates a moderate level of digital maturity with room for improvement in performance and SEO optimization. Security measures include a Content Security Policy and various security headers; however, some misconfigurations such as the improper use of Strict-Transport-Security and lack of DNSSEC reduce the overall security posture. Privacy compliance is basic with a privacy policy and cookie consent mechanism present, but no terms of service or incident response information is available. Overall, the website is functional but lacks comprehensive business and security transparency, which impacts trust and credibility.

N

Nationwide Multistate Licensing System & Registry (NMLS)

nationwidelicensingsystem.org

0

The Nationwide Multistate Licensing System & Registry (NMLS) Resource Center website serves as an authoritative platform providing mortgage licensing information and regulatory resources. It targets mortgage professionals, regulators, and consumers seeking licensing verification and related data. The site is hosted on Microsoft SharePoint Online, leveraging modern web technologies but with basic content presentation and limited interactive features. Security posture is solid with HTTPS enforced, though security headers and privacy compliance mechanisms are lacking. The absence of explicit privacy and cookie policies, as well as contact information, represents areas for improvement. Overall, the website is trustworthy and professional but could enhance user experience and compliance transparency.

A

AVS Abrechnungs- und Verwaltungs-Systeme GmbH

medienhaus-next.de

0

Medienhaus/NEXT/ is a well-established German media industry event and knowledge platform operated by AVS Abrechnungs- und Verwaltungs-Systeme GmbH. It serves media professionals by providing digital impulses, best practices, and networking opportunities through annual events and related content. The website is built on TYPO3 CMS and integrates modern privacy and analytics tools such as Usercentrics and Matomo, reflecting a mature digital infrastructure. Security posture is solid with HTTPS and consent management, though explicit security policies and incident response contacts are absent. Overall, the site is professional, trustworthy, and compliant with GDPR, targeting media sector stakeholders in Germany.

М

Министарство просвјете и културе Републике Српске & Lanaco

eobrazovanje.com

0

The website eobrazovanje.com serves as an official educational portal affiliated with the Ministry of Education and Culture of Republika Srpska and the technology partner Lanaco. It provides educational resources, news, and professional development content targeting teachers, students, parents, and adult learners within the Republika Srpska region. The portal covers multiple education levels including preschool, primary, secondary, and adult education, offering downloadable materials and links to official pedagogical institutions. The site is primarily in Serbian using both Latin and Cyrillic scripts, reflecting its regional focus. Technically, the website is built on Microsoft SharePoint, leveraging a variety of JavaScript libraries such as jQuery, Bootstrap, Font Awesome, and Owl Carousel for UI components and interactivity. The platform is moderately optimized for performance and mobile responsiveness, with basic accessibility features. Hosting appears to be managed or partnered with Lanaco, a known IT company in the region. SEO and metadata are basic but functional. From a security perspective, the site uses HTTPS with a valid SSL certificate, but lacks DNSSEC and explicit security headers, which are recommended for enhanced protection. The SharePoint form digest mechanism is used to mitigate CSRF risks. No privacy, cookie, or terms of service policies are present, indicating gaps in compliance with GDPR and related privacy regulations. No incident response or vulnerability disclosure information is provided, limiting transparency in security management. Overall, the website is a credible and trustworthy government-affiliated educational resource with good content quality and technical implementation. However, it would benefit from improved privacy compliance, enhanced security headers, and clearer contact information to strengthen user trust and regulatory adherence.

BitLab d.o.o. is a medium-sized technology company based in Bosnia and Herzegovina, specializing in IT solutions including web development, mobile applications, 3D visualization, hosting, e-commerce, and education. Established in 2014, the company has a solid market presence with over 500 completed projects and a diverse client base including government and educational institutions. Their business model focuses on providing comprehensive digital services and products to businesses and organizations in the region. Technically, the website demonstrates a modern technology stack with a variety of backend and frontend frameworks, CMS options, and integration of analytics and social sharing tools. The site is mobile optimized and offers a good user experience with clear navigation and professional design. Hosting appears to be managed internally or through affiliated services, with DNSSEC enabled and SSL certificates in use, indicating a secure infrastructure. From a security perspective, the website benefits from HTTPS and DNSSEC but lacks visible security headers and formal security policies such as privacy or cookie policies. No forms or direct data collection mechanisms were detected in the provided content, reducing immediate risk exposure. However, the absence of privacy and cookie policies indicates compliance gaps, especially regarding GDPR and similar regulations. Overall, BitLab d.o.o. presents a trustworthy and professional online presence with strong business credibility and technical implementation. To enhance security posture and compliance, the company should implement security headers, publish privacy and cookie policies, and consider a vulnerability disclosure policy. These steps will improve user trust and regulatory adherence.

Staples Imprint Solutions operates a specialized punch-out simulation website designed to facilitate B2B ordering of customized print products. The site targets business customers and partners who use punch-out catalogs for streamlined ordering processes. The business is positioned within the retail sector under the Staples brand umbrella, with a domain age indicating a mature and stable presence since 2012. Technically, the website is built on ASP.NET Web Forms with JavaScript validation, but lacks modern SEO, accessibility, and mobile optimization features. Security posture is moderate with basic form validation but missing critical security headers and DNSSEC. No privacy or cookie policies are present, and no contact or social media information is provided, limiting transparency and user trust. Overall, the site serves a niche business function but requires improvements in security, privacy compliance, and user experience to enhance credibility and trust.

S

Staples, Inc.

staplespromo.com

0

StaplesPromo.com is an enterprise-level e-commerce website operated by Staples, Inc., specializing in custom promotional products such as apparel, drinkware, tech accessories, and office essentials. The site targets businesses and organizations seeking branded merchandise to enhance their marketing efforts. It features a large catalog of over 4000 products and showcases trust signals including logos of major global brands. The business model is retail e-commerce with a focus on customization and branding services. The website is well-branded, professionally designed, and offers a seamless user experience with clear navigation and mobile optimization. Technically, the site leverages a modern tech stack including jQuery, Bootstrap, Dynamic Yield for personalization, Google Tag Manager, Adobe DTM, and TrustArc for consent management. It is hosted on a CDN infrastructure (Akamai) ensuring moderate performance and global reach. The platform used is Znode, a specialized e-commerce CMS. Accessibility is basic but functional, and SEO practices are good with proper meta tags and structured data. From a security perspective, the site enforces HTTPS, uses domain locking statuses to prevent unauthorized changes, and implements a consent management platform for GDPR compliance. A vulnerability disclosure policy is publicly available, indicating a mature security posture. However, DNSSEC is not enabled, and explicit security policies or incident response contacts are not found. No vulnerabilities or suspicious domains were detected. Overall, the website presents a low-risk profile with strong business credibility, good privacy compliance, and solid technical implementation. Recommendations include enabling DNSSEC, publishing explicit security policies, and enhancing accessibility compliance to further improve security and user trust.

A

Antena Radio

antena.ba

0

Antena Radio is a small media company operating an online radio streaming platform targeting general audiences interested in contemporary music. The website provides live streaming, social media integration, and mobile app distribution, positioning itself as a local/regional broadcaster in Bosnia and Herzegovina. The technical infrastructure uses standard web technologies including HTML5, CSS3, JavaScript with jQuery, and integrates Google Analytics and Facebook SDK for tracking and social features. While the site is functional and well-branded, it uses an outdated jQuery version and loads some scripts over HTTP, which introduces security risks. The security posture is moderate with HTTPS enabled but lacks advanced security headers and visible privacy or cookie policies, indicating compliance gaps. Contact information is clearly provided, enhancing business credibility. Overall, the website is professional but would benefit from security and privacy improvements.

I

InterSoft d.o.o. Sarajevo

klix.ba

0

Klix.ba is the most visited and influential news portal in Bosnia and Herzegovina, providing fast and important news from Sarajevo, the country, and the world. The website operates on an advertising-supported business model, leveraging multiple ad networks including Amazon Ads, PubMatic, and Google Ad Manager. The technical infrastructure includes modern JavaScript libraries, consent management via Didomi, and analytics through DotMetrics and Google Analytics. The site is well-optimized for mobile and desktop users with good SEO and accessibility practices. Security posture is solid with HTTPS enforcement, bot protection via reCAPTCHA, and GDPR-compliant consent mechanisms, although a dedicated security policy and incident response information are not publicly available. Overall, Klix.ba presents a professional, trustworthy, and compliant digital presence with a strong market position in the media sector of Bosnia and Herzegovina.

Schweppes.com serves as a global brand portal for the Schweppes beverage company, providing regional navigation to localized websites primarily for North America and Europe. The site content is minimal and focused on brand presence rather than direct consumer engagement. Technically, the site uses legacy JavaScript libraries such as Prototype.js and modern tracking tools like Google Analytics and Google Tag Manager. However, there is no evidence of a CMS or advanced frameworks. Security posture is weak due to lack of visible HTTPS confirmation, security headers, and absence of privacy or cookie policies. The WHOIS data is notably missing or indicates the domain is unregistered, which is inconsistent with the brand's global presence and raises legitimacy concerns. Overall, the site is functional but basic, with significant gaps in compliance and security transparency.

G

Grey Goose

greygoose.com

0

Grey Goose is a premium French vodka brand owned by Bacardi Limited, targeting adult consumers seeking luxury spirits. The website showcases the brand's products, cocktail recipes, and brand stories with a professional and polished digital presence. The technical infrastructure includes modern JavaScript libraries, marketing and analytics tools, and compliance mechanisms such as age verification and cookie consent. Security posture is good with HTTPS and some security best practices, though some HTTP security headers could be improved. The domain WHOIS data is unavailable, which raises some concerns about registration transparency but does not detract from the overall legitimacy of the brand and website. Overall, the site is well-positioned in the premium spirits market with a strong brand identity and digital maturity.

P

Philip Morris Products S.A.

iqos.com

0

The IQOS website represents Philip Morris Products S.A., a global enterprise specializing in heated tobacco and electronic cigarette products as smoke-free alternatives to traditional cigarettes. The site is professionally designed with excellent content quality, targeting adult smokers seeking alternatives. It features localized versions for multiple countries, reflecting a broad international market presence. The technical infrastructure leverages modern web technologies including Adobe Experience Manager CMS, New Relic monitoring, Google Tag Manager, and Akamai hosting, ensuring fast performance and mobile optimization. Security posture is strong with HTTPS enforcement and cookie consent mechanisms, though explicit security headers and incident response information are not prominently disclosed. Privacy compliance is well addressed with a comprehensive privacy policy and GDPR adherence. Overall, the site is trustworthy and professionally maintained, though WHOIS data is unavailable, which warrants further verification for domain registration legitimacy.

P

ProCredit Bank d.d. Sarajevo

procreditbank.ba

0

ProCredit Bank d.d. Sarajevo is a German-owned financial institution operating in Bosnia and Herzegovina, specializing in retail and SME banking with a strong focus on sustainability and digital innovation. The bank offers a comprehensive range of services including current accounts, savings, loans, and digital banking platforms such as ProBanking and mobile applications. Their market position is strengthened by transparent business ethics, ISO certifications, and a commitment to green financing. Technically, the website is built on modern frameworks like Next.js and React, hosted on Vercel, ensuring fast performance and mobile optimization. Security posture is robust with HTTPS, security headers, and secure forms, complemented by an incident response mechanism via whistleblowing. However, the absence of a cookie consent mechanism and vulnerability disclosure page are notable compliance gaps. Overall, the bank demonstrates a high level of professionalism, trustworthiness, and digital maturity.

F

Fiare Media Tools

fiaremediatools.com

0

Fiare Media Tools operates as a specialized provider of digital tools aimed at news publishing businesses, offering custom content management systems, layout automation, and integrated newsroom solutions. The website presents a professional and consistent brand image targeting media companies seeking to digitize and automate their publishing workflows. Technically, the site employs modern web technologies including Google Tag Manager and Cookiebot for analytics and cookie consent, and uses HTTPS to secure communications. However, the absence of WHOIS registration data raises concerns about domain legitimacy and trustworthiness. Security posture is moderate with HTTPS enabled but lacking explicit security headers and formal privacy policies. Overall, the site is functional and well-designed but would benefit from enhanced transparency and security practices.

NEŠKOVIĆ Group is a well-established company based in Bosnia and Herzegovina, specializing in the wholesale and retail of petroleum products, automotive sales and services, hospitality, and retail markets. The company operates multiple subsidiaries including insurance and auto centers, positioning itself as a regional leader with a broad service portfolio. The website reflects a professional digital presence built on WordPress with WooCommerce and other common plugins, offering a good user experience and clear business information. However, the technical infrastructure shows signs of aging with outdated WordPress versions and missing modern security headers. Security posture is moderate with HTTPS enforced but lacking comprehensive security policies or vulnerability disclosures. Privacy compliance is minimal, with no visible cookie consent or GDPR indicators. Overall, the website and business appear legitimate and trustworthy, but improvements in security and privacy compliance are recommended.

E

EUROS Osiguranje

eurososiguranje.com

0

EUROS Osiguranje is a local insurance company operating in Bosnia and Herzegovina since 2016, offering a range of insurance products including property, auto, and health insurance. The website presents a professional and well-structured digital presence with clear service offerings targeted at residents and businesses within Bosnia and Herzegovina. The technical infrastructure includes modern web technologies such as Google Analytics and Swiper.js, hosted on DNS servers associated with crohost.net. Security posture is adequate with HTTPS enabled and domain registration protections in place, though DNSSEC is not enabled and security headers are not evident. Privacy compliance is weak due to the absence of explicit privacy and cookie policies. Overall, the website is functional and trustworthy but would benefit from enhanced compliance and security measures.

S

Satwork

satwork.net

0

Satwork is a well-established company founded in 2005 specializing in satellite vehicle tracking and fleet management services primarily in Bosnia and Herzegovina and the surrounding region. The company offers a comprehensive suite of GPS-based solutions including fuel consumption control, driver communication, route optimization, and digital tachograph data management. With subsidiaries in Serbia, Montenegro, and Austria, Satwork maintains a strong regional presence and is recognized as a market leader in its domain. The website reflects a professional and consistent brand image with detailed service descriptions and multiple contact points, supporting its credibility and customer engagement. Technically, the website employs modern web technologies such as Bootstrap, jQuery, and Font Awesome, and integrates analytics tools like Google Analytics and Google Tag Manager. The site is moderately optimized for performance and mobile devices, with good SEO practices evident. However, there is room for improvement in accessibility and security hardening, particularly by enabling DNSSEC, adding security headers, and publishing privacy and cookie policies. From a security perspective, Satwork demonstrates maturity by holding ISO 9001 and ISO/IEC 27001 certifications, indicating a commitment to quality management and information security. The website uses HTTPS for secure communications, especially on login forms, and implements user-friendly features like password visibility toggling. Nonetheless, the absence of explicit incident response contacts, vulnerability disclosure policies, and cookie consent mechanisms highlights areas for compliance enhancement. Overall, Satwork presents a trustworthy and professional online presence aligned with its business operations. The main risks relate to privacy compliance gaps and security header omissions, which should be addressed to strengthen user trust and regulatory adherence. Strategic improvements in these areas will enhance the company’s digital maturity and security posture, supporting sustained growth and customer confidence.

E

EAC European Automobile Clubs asbl | your partner for mobility | Avenue Michel-Ange 69, Brussel, Belgien

eaclubs.org

0

The website www.eaclubs.org is a Wix-hosted site with minimal accessible content and no visible business or organizational details. The site lacks privacy, cookie, and terms of service policies, as well as contact information, which limits its credibility and compliance posture. Technically, it uses standard Wix scripts and polyfills, indicating a basic modern web infrastructure but with limited optimization and SEO features. Security posture is weak due to absence of security headers and no visible HTTPS enforcement details. WHOIS data is unavailable due to a malformed request or privacy protection, which reduces trust in domain legitimacy. Overall, the site appears to be a small-scale or early-stage community or club website with limited digital maturity and security readiness.

N

NESTRO PETROL a.d.

nestropetrol.com

0

NESTRO PETROL a.d. operates the largest network of petrol stations in Bosnia and Herzegovina, managing over 80 retail locations under the NESTRO brand. The company offers various loyalty card programs targeting both individual and corporate customers, enhancing customer retention and engagement. The website reflects a mature business with a clear market position supported by its parent company OPTIMA Grupa d.o.o. The digital presence includes interactive maps, promotions, and news updates, catering to a general audience primarily in the Serbian language with options for Russian and English. Technically, the website utilizes a traditional tech stack including jQuery 1.11.1, Bootstrap, and Google Analytics for tracking, alongside Raygun for error monitoring. While the site is mobile optimized and well-structured, some technical debt is evident due to the use of outdated libraries and lack of modern security headers. The absence of DNSSEC and security policies indicates room for improvement in security posture. Security-wise, the domain is well-established with a consistent WHOIS record and clientTransferProhibited status, indicating domain ownership protection. However, the lack of DNSSEC, security headers, and outdated JavaScript libraries present potential vulnerabilities. No explicit privacy or cookie policies were found, which may impact GDPR compliance. The site does not appear to be blocked or protected by a WAF, allowing full content access. Overall, the website is professional and functional with moderate security and privacy compliance. Strategic improvements in security headers, updated libraries, and explicit privacy documentation would enhance trust and compliance. The business is credible with a strong market presence but should address technical and compliance gaps to reduce risk and improve user trust.

B

Barry Callebaut

barry-callebaut.com

0

Barry Callebaut is a global leader in the manufacturing of high-quality chocolate and cocoa products, with a strong emphasis on sustainability through its Forever Chocolate strategy. The website serves a broad international audience with comprehensive product, service, and corporate information. Technically, the site is built on Drupal 10, employs modern analytics and consent management tools, and is optimized for performance and mobile use. Security posture is solid with HTTPS and no exposed sensitive data, though explicit security headers and a dedicated security policy are absent. WHOIS data is missing or unavailable, which slightly impacts trust but does not detract from the professional presentation and business credibility of the site.

A

American Tourister México

americantourister.com.mx

0

American Tourister México operates a professional e-commerce platform specializing in luggage, backpacks, and travel accessories targeted at the Mexican market. The website showcases a broad product catalog with clear navigation and integrates customer reviews and marketing tools to enhance user engagement. The technical infrastructure leverages modern frameworks such as Next.js and React, hosted on Vercel, with Shopify powering the commerce backend. Marketing and analytics integrations include Klaviyo, Okendo, Microsoft Clarity, and Facebook Pixel, indicating a mature digital marketing approach. Security posture is strong with HTTPS enforced and standard security headers present, though explicit privacy and cookie policies are missing, representing compliance gaps. Overall, the site is trustworthy and well-positioned in the retail luggage sector in Mexico.

S

Searchspring

searchspring.net

0

Searchspring is a well-established ecommerce technology company specializing in AI-driven search, merchandising, and personalization solutions. With a domain age of over 20 years and a parent company Athos Commerce, it holds a strong market position targeting ecommerce retailers seeking to improve product discovery and conversion rates. The website demonstrates a mature digital presence with modern technologies and integrations, including WordPress CMS, HubSpot marketing tools, and multiple analytics platforms. Security posture is good with HTTPS enforced and domain status protections, though DNSSEC is not enabled and no explicit security policies are published. Privacy compliance is robust with clear cookie consent and GDPR-aligned policies. Overall, the site is professional, trustworthy, and technically sound, supporting its business credibility and market leadership.

T

Tangiblee

tangiblee.com

0

Tangiblee is a technology company specializing in augmented reality and AI-powered e-commerce solutions that enable retailers to bring in-store shopping experiences online. Their platform offers virtual try-on capabilities, product visualization, and lifestyle content generation primarily targeting retail sectors such as jewelry, watches, handbags, luggage, and furniture. The company positions itself as an innovative provider of immersive shopping technologies, serving a medium-sized business model focused on B2B SaaS offerings. Technically, the website is built on the Webflow CMS platform and integrates multiple modern marketing and analytics tools including HubSpot, Apollo.io, and Intellimize. The site demonstrates good performance, mobile optimization, and accessibility features, with a professional design and clear navigation. Security practices include HTTPS enforcement and cookie consent mechanisms, although explicit security policies and incident response information are not publicly available. The security posture is solid with no visible vulnerabilities or exposed sensitive data, but the absence of WHOIS domain registration data introduces some uncertainty regarding domain legitimacy. Privacy compliance is well addressed with GDPR-aligned consent banners and preference management. Business credibility is supported by client logos, case studies, and professional content, though direct contact details are limited to forms. Overall, Tangiblee presents a trustworthy and professional online presence with advanced technical infrastructure and privacy compliance. The main risk lies in the lack of publicly available domain registration information, which should be monitored. Strategic recommendations include publishing explicit security and incident response policies, adding vulnerability disclosure mechanisms, and providing clearer company contact information to enhance trust and compliance.

R

RedIRIS

rediris.es

0

RedIRIS is a well-established Spanish academic and research network providing connectivity and advanced ICT services to the academic and scientific community since 1988. It operates under the auspices of Red.es, a Spanish public entity, and holds important certifications such as ISO 27001 and ENS, underscoring its commitment to security and quality. The website reflects a professional and consistent brand image targeting academic institutions and researchers in Spain. Technically, the site uses modern web technologies including jQuery, DataTables, and Google Analytics, with good mobile optimization and SEO practices. Security posture is strong with HTTPS and certifications, though explicit security headers and incident response policies are not publicly visible. Privacy compliance is partially addressed with cookie consent but lacks a dedicated privacy policy page. Overall, the site is trustworthy, secure, and professionally maintained, serving a critical role in Spain's academic infrastructure.

R

Red.es

red.es

0

Red.es is a Spanish government entity under the Ministry of Economic Affairs and Digital Transformation, dedicated to promoting digital transformation across businesses, citizens, and public administrations. The website serves as a comprehensive portal for initiatives, news, and resources related to digital innovation and funding programs in Spain. The site is well-structured, professionally designed, and targets a broad audience including SMEs, entrepreneurs, and public sector entities. Technically, the website is built on Drupal 10 with modern front-end frameworks like Bootstrap 4.6 and utilizes Google Tag Manager for analytics. It demonstrates good mobile optimization, accessibility, and SEO practices. Security measures include HTTPS enforcement, cookie consent management, and antibot protections on forms. However, some security headers could be improved. The security posture is strong with multiple certifications such as ISO 27001 and compliance with the Spanish National Security Scheme (ENS). No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is robust with clear GDPR-aligned policies and cookie management. Overall, the website reflects a mature digital presence consistent with a government agency, with high trustworthiness and professionalism. The domain WHOIS data is restricted as per .es domain policies, which is typical and appropriate for this entity.

I

Instituto Nacional de Ciberseguridad (INCIBE)

incibe.es

0

INCIBE (Instituto Nacional de Ciberseguridad) is the official Spanish national cybersecurity institute dedicated to providing cybersecurity assistance, awareness, and incident response services to citizens, businesses, and government entities. The website serves as a comprehensive portal offering educational resources, cybersecurity tools, incident reporting, and training programs. It holds a strong market position as a government entity focused on national cybersecurity initiatives. Technically, the website is built on Drupal 10 CMS, leveraging modern web technologies including Bootstrap for responsive design and various analytics tools such as Google Analytics and Siteimprove. The site is mobile-optimized, accessible, and well-structured, providing a professional user experience. Cookie consent mechanisms and privacy compliance are implemented effectively. From a security perspective, the site enforces HTTPS and employs best practices such as cookie consent and secure content delivery. However, explicit security headers are not evident in the provided data, and there is room for improvement by publishing security.txt files and enhancing incident response contact transparency. No vulnerabilities or suspicious content were detected. Overall, INCIBE's website demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations. The lack of WHOIS data is due to Red.es restrictions but does not detract from the site's legitimacy as a government cybersecurity resource. Strategic recommendations include enhancing security headers, publishing vulnerability disclosure information, and improving contact information for security incidents.