Security Directory

C

Casavo Management S.p.A.

casavo.com

0

Casavo Management S.p.A. operates a mature and professional PropTech platform focused on simplifying the real estate transaction process for home sellers and buyers primarily in Italy and France. The company leverages technology such as machine learning algorithms for instant home valuation, combined with human consultancy and support services including mortgage assistance and professional home enhancement. Their market position is supported by significant funding, a growing presence in multiple European cities, and strong brand recognition through media coverage and verified customer testimonials. Technically, the website is built on modern frameworks like Next.js and React, hosted via Cloudflare, and integrates various third-party services for analytics and consent management. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture and user trust. Privacy compliance is robust, with clear GDPR-aligned policies and consent mechanisms in place. Overall, while the business model and digital maturity are strong, immediate remediation of security vulnerabilities is essential to protect user data and maintain credibility.

EACAT is a mature government-operated digital platform serving the Catalan public administrations by providing electronic administration services and facilitating inter-administrative communication. The platform targets public sector entities within Catalonia and has been operational for over 15 years, reflecting a stable market position within the regional government sector. The website content and branding are consistent with official government services, supported by domain registration details matching the registrant organization and country. Technically, the website employs legacy JavaScript libraries such as jQuery 1.8.2 and Modernizr 2.6.2, with backend technologies based on Microsoft Visual Studio .NET and C#. Hosting is via Amazon AWS DNS infrastructure. Performance is suboptimal with a slow load time and large page size. Mobile optimization and accessibility are basic, and SEO practices are minimal. The site lacks a CMS and uses custom-built code. From a security perspective, the site has critical deficiencies including the absence of a valid SSL/TLS certificate, no HTTPS support, and no security headers. DNS records show valid SPF and DMARC configurations, but CAA records are malformed. No incident response or security policy information is provided. Sensitive login forms transmit credentials without encryption, posing significant risk. Privacy compliance is weak, with no cookie consent mechanism despite use of tracking scripts like Google Tag Manager and Lucky Orange. Overall, the website presents moderate business credibility as a government service but suffers from critical security and privacy shortcomings. Immediate remediation of SSL/TLS configuration and implementation of security best practices is essential to protect user data and maintain trust. Enhancing privacy compliance and modernizing technical infrastructure would further improve the platform's digital maturity and user experience.

D

Digital Impulse Hub

digitalimpulsehub.eu

0

Digital Impulse Hub is a strategic alliance focused on supporting the digital transformation of SMEs and local public administrations in Spain. It leverages partnerships with chambers of commerce, universities, and public entities to provide consulting, training, financing, and networking services. The website reflects a mature digital presence with integration into the European Digital Innovation Hubs network, showcasing a strong regional market position and trust indicators such as the Seal of Excellence. Technically, the site is built on WordPress with modern frameworks and libraries, though performance optimization is needed due to slow load times and large page size. Security posture is adequate with HTTPS, SPF, and DMARC configured, but could be enhanced with additional headers and HSTS. Privacy compliance is well addressed with GDPR-compliant cookie consent and policies. Overall, the site is professional and trustworthy, though direct contact details are limited to forms and social media.

The domain from2travel.com currently hosts only a default placeholder page generated by the KeyHelp server control panel, indicating no active website content or business presence. There is no information about the company, services, or contact details, which suggests the domain is either newly registered or inactive. The technical infrastructure is minimal, with only a basic Bulma CSS framework used for styling and no CMS or advanced technologies detected. Performance is moderate due to the small page size and low resource count, but the site lacks HTTPS support as no valid SSL certificate is installed. Security posture is weak, with no security headers, no DNSSEC, and no vulnerability disclosure or incident response policies in place. Overall, the site is not compliant with privacy regulations and lacks trust indicators, resulting in a low trust and credibility score.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 13 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

ilMioDono is a donation platform operated by UniCredit S.p.A., focused on facilitating donations to non-profit organizations and social projects primarily in Italy. The platform showcases multiple projects and organizations, providing a community engagement space for donors and beneficiaries. The website is built on Adobe Experience Manager and hosted via Akamai, with moderate performance and good mobile and accessibility features. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture. The site implements DMARC with a reject policy, enhancing email security. Privacy and cookie policies are present and appear comprehensive, supporting GDPR compliance. Overall, the business credibility is strong due to the UniCredit brand and mature domain age, but security improvements are urgently needed.

J

JSC Credit Information Bureau

manakreditvesture.lv

0

JSC Credit Information Bureau (KIB) operates the website manakreditvesture.lv, providing credit information and risk management services in Latvia. As part of the global Creditinfo Group and backed by major Latvian banks, it offers individuals and companies access to credit reports, credit scores, dispute management, and profile monitoring. The business model includes free and subscription-based services, targeting Latvian consumers and financial institutions. The website is built on a modern React and Gatsby stack, offering a good user experience and clear navigation, though performance is somewhat slow. Security posture is weak due to the absence of a valid SSL certificate and lack of security headers, which poses a significant risk. Privacy compliance is basic but present, with a privacy policy aligned with GDPR. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional but requires urgent security improvements to protect user data and build trust.

G

Generalitat de Catalunya

atm.cat

0

Autoritat del Transport Metropolità (ATM) is a public consortium under the Generalitat de Catalunya, managing integrated transport tariffs and mobility projects in the Barcelona metropolitan area. The website serves as an official portal providing comprehensive information about transport tariffs, mobility plans, transparency, and customer support. It targets residents and public transport users in Catalonia, offering multilingual content and links to related government services. The business model is public sector focused, emphasizing transparency and service delivery rather than commercial revenue. Technically, the website is built on the Liferay CMS platform with modern web technologies including React and Bootstrap. While the site is content-rich and accessible, performance is hindered by a high load time and large page size. The site is mobile optimized and includes accessibility features. SEO and metadata are well implemented, including Open Graph tags. Security posture is adequate with HTTPS enforced, valid SSL certificates, and email authentication via DMARC and SPF. However, advanced security headers like HSTS and DNSSEC are missing, and domain protection locks are not enabled, which could be improved. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong with clear cookie and privacy policies and consent mechanisms. Overall, the site is trustworthy and professionally maintained, reflecting its governmental nature. Recommendations include enhancing security headers, enabling DNSSEC, improving performance, and adding explicit security and incident response policies to further strengthen trust and compliance.

M

Moventia

moventia.net

0

Moventia is a well-established multinational family business specializing in sustainable mobility solutions since 1923. The company offers integrated services in collective and private mobility, emphasizing quality, innovation, and sustainability. Their digital presence is built on a modern WordPress platform with multilingual support and SEO optimization, reflecting a mature and professional online identity. However, the website suffers from a critical security flaw due to an invalid SSL certificate, resulting in the absence of HTTPS protection, which poses risks to user data and trust. While privacy and cookie policies are present and GDPR compliant, no explicit security or incident response policies are found. The domain registration is consistent and mature, supporting the company's legitimacy. Strategic improvements in SSL deployment and security headers are recommended to enhance the security posture and user trust.

M

Marfina, SL

moventisexperience.es

0

MoventisExperience is an online platform operated by Marfina, SL, offering road transport services and excursions primarily in Catalonia, Spain. The company provides shuttle transfers, private transfers, and guided tours, targeting tourists and travelers seeking convenient booking options. The website reflects a medium-sized business with consistent branding and a focus on customer service, including 24/7 telephone support and cancellation policies. Technically, the site uses a modern tech stack including jQuery, Bootstrap, and Google Tag Manager, but suffers from slow load times and lacks a valid SSL certificate, which impacts its security posture. Privacy compliance is well addressed with clear cookie and privacy policies and a consent mechanism via Cookiebot. However, no explicit security or incident response policies are found on the site. Overall, the site is professional and trustworthy but requires improvements in security and performance to enhance user trust and compliance.

Security assessment completed with an overall score of 0/100 (unknown risk). 1 critical issues require immediate attention. Total of 20 security findings identified across all modules.

M

Moventia

moventia.es

0

Moventia is a well-established Spanish multinational company specializing in collective and private mobility solutions since 1923. The company positions itself as a leader in the transportation sector with a strong emphasis on innovation, sustainability, and quality service. Their website reflects a mature digital presence with multilingual support, rich multimedia content, and comprehensive corporate information. Technically, the site is built on WordPress with modern plugins and frameworks, though performance is somewhat slow likely due to heavy resource usage. Security posture is a concern due to an invalid SSL certificate and lack of modern TLS protocols, which exposes the site to risks and undermines user trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business credibility is high, supported by consistent branding and trust signals, but security improvements are critical to maintain reputation and compliance.

C

Consorci Localret

localret.cat

0

Consorci Localret is a well-established consortium focused on supporting local governments in Catalonia, Spain, with digital transformation initiatives. Their website showcases a comprehensive range of services including advisory, procurement centralization, telecommunications infrastructure, innovation office, and digital society support. The organization targets municipalities and supramunicipal entities, positioning itself as a key player in local government digital modernization. Technically, the website is built on WordPress with a mature tech stack including SEO and multilingual plugins, accessibility tools, and analytics integrations. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate, resulting in no HTTPS support and exposing users to potential risks. Privacy compliance is strong with clear cookie and privacy policies and consent mechanisms. Overall, the site is content-rich and professionally presented but requires urgent security improvements to protect user data and enhance trust.

The website gencat.net serves as an official domain for the Generalitat de Catalunya, the regional government of Catalonia, Spain. However, the site itself contains only a minimal HTML page that immediately redirects visitors to the main government portal at web.gencat.cat. This indicates that gencat.net functions primarily as a redirect domain rather than a content-rich site. The domain is mature, registered since 2000, and aligns with the official government entity, supporting its legitimacy. The target audience includes Catalan citizens and others seeking official government information. From a technical perspective, the site is hosted on an Apache server but lacks modern security and performance features. Critically, there is no SSL/TLS certificate configured, resulting in unencrypted HTTP traffic. The site does not implement DNSSEC, HSTS, or security headers, and no privacy or cookie policies are present. The minimal content and lack of technical sophistication suggest low digital maturity and poor user experience. Security posture is weak due to the absence of HTTPS and security best practices, exposing users to potential interception risks. The lack of privacy compliance measures and contact information further reduces trust and compliance with regulations such as GDPR. Despite these issues, the domain's WHOIS data is consistent and trustworthy, registered to a reputable registrar with no privacy protection, which is appropriate for a government domain. Overall, the website's primary function as a redirect limits its content and utility. Strategic improvements should focus on securing the domain with HTTPS, enhancing security headers, and providing clear privacy and contact information to improve trust and compliance.

C

CREDITREFORM Rating SIA

crediweb.lv

0

CrediWeb.lv is a Latvian-based business information platform operated by CREDITREFORM Rating SIA, providing comprehensive credit and business reports for companies primarily in Latvia, Europe, and China. The platform targets businesses and registered users seeking detailed company and private person credit information, offering services such as company reports, family trees, monitoring, and foreign credit reports. The website demonstrates a professional design with consistent branding and clear navigation, supporting multiple languages and user authentication methods including bank link authentication. Technically, the site uses modern JavaScript libraries like jQuery, Flatpickr, Tippy.js, and Chart.js, and integrates Google Tag Manager for analytics. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts user security and trust. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms implemented. WHOIS data confirms the domain is actively maintained and consistent with the business's Latvian operations, though domain protection locks are not enabled. Overall, while the business model and content quality are strong, the security posture requires urgent improvement to protect users and enhance credibility.

C

Consorci Administracio Oberta De Catalunya

idcat.cat

0

The idcat.cat website is an official government digital identity platform managed by the Consorci Administracio Oberta De Catalunya, providing digital certificates for secure electronic identification and signing. The site targets residents and entities in Catalonia, facilitating interactions with public administrations. The business model is government service provision with a focus on digital identity and certification. The website content is well-structured and professionally presented, primarily in Catalan, with additional language options. However, the technical infrastructure shows weaknesses, notably the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly impacts security posture. The site uses modern JavaScript libraries and Google Tag Manager for analytics and user engagement but lacks cookie consent mechanisms, raising privacy compliance concerns. Overall, the domain registration and WHOIS data confirm legitimacy and consistency with the claimed government entity, but security improvements are critical to protect users and enhance trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 9 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

A

ADTENDE SL

adtende.es

0

ADTENDE SL is a specialized company focused on innovation and service provision for the public sector, particularly in electronic administration and citizen assistance. The company positions itself as a unique partner with a public sector DNA, offering comprehensive services such as OAC 360º, LIAM AI agent, and centralized call services. Their target audience includes public administrations and e-citizens, emphasizing effective and innovative solutions to improve public service delivery. Technically, the website is built on WordPress with Elementor and integrates modern tools like Google Analytics and reCAPTCHA, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy and cookie policies are well implemented and GDPR compliant, with clear contact information and social media presence enhancing business credibility. Security posture is weak due to missing HTTPS and lack of security headers, exposing the site to potential risks. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

M

Moventis S.A.

moventis.es

0

Moventis S.A. is a well-established transportation company specializing in collective passenger transport by road, operating primarily in Spain with regional and European services. The company offers a broad range of services including urban and interurban transport, coach rental, and ITS solutions. The website reflects a mature digital presence with comprehensive content, consistent branding, and clear business information targeting travelers and clients seeking transport services. Technically, the site is built on Drupal 7 with a variety of modern JavaScript libraries and integrates Google Analytics and Tag Manager for tracking. However, the site suffers from slow load times and lacks some advanced security headers and mechanisms such as HSTS, DNSSEC, and OCSP stapling. Privacy policies are present and GDPR compliance is indicated, though no active cookie consent mechanism is implemented. The WHOIS data confirms domain legitimacy and consistency with the business claims. Overall, the website is professional and trustworthy but could benefit from performance and security enhancements.

JauniAuto.lv is a Latvian automotive news website providing up-to-date articles, reviews, and industry news targeted at Latvian-speaking automotive enthusiasts. The site operates primarily as an advertising-supported media platform, featuring a range of automotive content with a consistent brand presentation. Technically, the website is built on WordPress and uses common web technologies such as jQuery and Google Analytics, but suffers from slow performance and lacks modern security configurations. The absence of a valid SSL certificate and HTTPS support is a critical security gap, exposing users to potential risks. Additionally, the site lacks privacy and cookie policies, which raises compliance concerns under GDPR regulations. Business credibility is moderate due to the lack of explicit contact information and security policies, although the domain registration data aligns well with the website's purpose and location.

P

PK MEŽS SIA

pkmezs.lv

0

SIA PK Mežs is a Latvian small-sized company specializing in forestry and wood processing services, primarily serving the Zemgale region. The company offers forest and forest stand purchasing, forestry services, wood processing, and forest property valuation. The website is professionally designed with good content quality and clear navigation, targeting forest owners and sellers. Technically, the site uses a modern tech stack including jQuery, Usercentrics for cookie consent, Google Analytics, and Snowplow for analytics, hosted on Businessmedia.lv infrastructure. However, the website lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability. Privacy compliance is basic with a privacy policy and cookie consent but no GDPR-specific indicators or terms of service. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional but requires urgent security improvements.

A

Attollo Brokers

octa24.lv

0

OCTA24.lv is an online insurance brokerage platform focused on providing vehicle owners in Latvia with an easy-to-use OCTA insurance calculator and policy purchase service. The website offers comprehensive information about mandatory vehicle liability insurance, including FAQs, news, and related insurance products like KASKO. The business operates under Attollo Brokers, a recognized insurance intermediary in Latvia, positioning itself as a convenient digital channel for insurance comparison and purchase. Technically, the site uses an older technology stack with Apache and PHP 5.5.9, integrating jQuery and FancyBox for UI components. Despite functional content and structured data, the absence of a valid SSL certificate and outdated server software significantly weaken the security posture. Privacy and cookie policies are present and GDPR compliant, but no explicit security or incident response policies are found. Overall, the site is functional and informative but requires urgent security upgrades to protect user data and improve trust.

I

iAuto.lv

iauto.lv

0

iAuto.lv is a Latvian automotive news portal providing a wide range of content including automotive news, sports, forums, classifieds, and user-generated content. The site targets Latvian-speaking automotive enthusiasts and general audiences interested in vehicles and related topics. It operates primarily as an advertising-supported media platform with additional services such as classifieds and insurance calculators. Technically, the site uses a custom or unknown CMS with technologies including nginx, jQuery, Font Awesome, Google Tag Manager, and Gemius analytics. Hosting is supported by Cloudflare DNS and a dedicated IP. However, the site lacks a valid SSL/TLS certificate and does not support modern TLS protocols, which significantly impacts its security posture. Cookie consent mechanisms are implemented, supporting GDPR compliance to a basic degree. The absence of explicit contact information and security policies reduces business credibility somewhat. Overall, the site is functional with good content quality but requires urgent security improvements to protect users and enhance trust.

A

Akciju sabiedrība “Olpha”

olpha.eu

0

Olpha is a leading pharmaceutical manufacturer based in Latvia with a strong regional presence across more than 60 markets. The company offers a broad portfolio of pharmaceutical products, active pharmaceutical ingredients, and contract manufacturing services. Their website reflects a mature digital presence built on WordPress with multilingual support and advanced accessibility features, demonstrating a commitment to inclusivity and user experience. The site is professionally designed with clear navigation and comprehensive content tailored to healthcare professionals, business partners, and the general public. Security posture is solid with HTTPS enabled and SPF/DMARC email protections, though improvements in HTTPS hardening and DNS security are recommended. Privacy and cookie policies are well implemented and GDPR compliant. Overall, Olpha presents a trustworthy and credible business with a modern digital infrastructure.

A

Akciju sabiedrība “Olpha”

olainfarm.com

0

Olpha is a well-established Latvian pharmaceutical company with over 50 years of experience and a strong regional presence across more than 60 markets. The company specializes in manufacturing a wide range of pharmaceutical products including active ingredients, finished dosage forms, and nutritional supplements. Their business model includes contract manufacturing and licensing, supported by a large team of specialists. The website reflects a mature digital presence with multilingual support, comprehensive accessibility features, and professional branding. Technically, the site is built on WordPress with modern plugins and integrates marketing and analytics tools such as Google Tag Manager and Facebook Pixel. Security posture is solid with HTTPS and no critical vulnerabilities detected, though improvements in email security and SSL configurations are recommended. Overall, Olpha demonstrates a credible and professional online presence aligned with its business stature.

A

Akciju sabiedrība “Olpha”

olpha.lv

0

Olpha is a leading pharmaceutical manufacturer based in Latvia, serving over 60 markets with a broad portfolio of pharmaceutical products, active ingredients, and nutritional supplements. The company operates through multiple subsidiaries across Eastern Europe and Central Asia, emphasizing contract manufacturing and pharmaceutical co-development. Their website reflects a mature digital presence with multilingual support, professional design, and a strong focus on accessibility, ensuring compliance with WCAG 2.1 AA standards. Technically, the site is built on WordPress with modern plugins and tracking tools, although performance could be improved due to high resource count and page size. Security posture is adequate with HTTPS and modern TLS protocols, but lacks some advanced configurations such as HSTS, DNSSEC, and DMARC, which are recommended for enhanced protection. Privacy compliance is strong with clear policies and consent mechanisms. Overall, Olpha presents a trustworthy and professional online presence aligned with its business stature.

Atom.com operates a comprehensive online marketplace specializing in premium domain name sales, branding contests, and related services such as trademark filing and audience research. The website for ThreeSixty.com serves as a landing page for a high-value domain sale, offering multiple purchase options including buy now, installments, and escrow services. The platform targets businesses and entrepreneurs seeking brandable domain names and branding solutions, positioning itself as a trusted and established player in the domain marketplace industry since 2011. Technically, the website employs modern JavaScript frameworks and monitoring tools such as New Relic and Intercom, hosted on Amazon AWS infrastructure. While the site is mobile-optimized and features good navigation and content quality, it suffers from critical security shortcomings including the absence of a valid SSL certificate and missing security headers, which significantly impact its security posture. From a security perspective, the lack of HTTPS and security headers exposes users to potential risks and undermines trust. However, the presence of a purchase protection program, verified domain badges, and clear contact information contribute positively to business credibility. The domain registration data aligns well with the website's claims, indicating legitimacy. Overall, while the business model and content quality are strong, immediate remediation of security issues is essential to enhance user trust and compliance. Strategic improvements in SSL deployment, security headers, and privacy mechanisms will elevate the platform's security and privacy compliance, supporting its market position and customer confidence.

A

A2Z Events

mya2zevents.com

0

A2Z Events is a well-established event management software provider offering a comprehensive platform tailored for trade shows, conferences, and corporate events. With over 25 years of industry presence and backing by Personify Corporation, it holds a strong market position supported by a robust suite of event management tools and services. The website demonstrates professional design, rich content, and clear navigation targeting event professionals seeking scalable solutions. Technically, the site is built on WordPress with modern frameworks like Bootstrap and integrates multiple marketing and analytics tools, reflecting a mature digital infrastructure. However, the security posture is currently weak due to the absence of a valid SSL certificate and missing security headers, which poses risks to user data confidentiality and trust. Privacy compliance is well addressed with visible policies and consent mechanisms. Overall, the site is credible and professional but requires urgent security improvements to align with best practices and user expectations.

E

European Flying Disc Federation

efdf.org

0

The European Flying Disc Federation (EFDF) is a well-established non-profit organization dedicated to the promotion and governance of flying disc sports across Europe. The website serves as an informational hub for multiple flying disc disciplines, providing news, event updates, and organizational details. The domain is mature and consistent with the organization's history, reinforcing its legitimacy. Technically, the site is built on WordPress with a standard theme and common libraries, but suffers from slow load times and lacks modern security configurations such as HTTPS. Security posture is weak due to the absence of a valid SSL certificate, missing security headers, and lack of DNSSEC. Privacy compliance is minimal, with no visible privacy or cookie policies, and no GDPR indicators. Contact information is not explicitly provided, which may hinder user trust and compliance. Overall, the site is functional and informative but requires significant improvements in security and privacy to meet modern standards.

C

Confederazione Boccistica Internazionale

cbi-prv.org

0

The Confederazione Boccistica Internazionale (CBI) is an international sports federation dedicated to the bocce sport. The organization provides comprehensive information about bocce events, news, rules, and membership. The website serves as a hub for bocce enthusiasts, players, and affiliated organizations worldwide, positioning itself as a key international governing body in this niche sport. The business model is non-profit, focusing on sport promotion and community engagement. Technically, the website is built on the 3WTURK CMS platform and uses legacy technologies such as jQuery and FlexSlider. While the site offers rich content and a consistent brand experience, it suffers from slow load times and basic mobile optimization. The absence of modern frameworks and performance optimizations indicates room for technical modernization. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. Although SPF and DMARC records are configured for email security, the lack of HTTPS and security headers exposes users to risks. No privacy or cookie policies are present, indicating compliance gaps with GDPR and other privacy regulations. Overall, the site is functional and content-rich but requires urgent improvements in security and privacy compliance to protect users and enhance trust. Performance optimizations and modernization of the technology stack would further improve user experience and operational resilience.

The website minigolfsport.com serves as a minimal informational portal for the World Minigolf Sport Federation, primarily redirecting visitors to a subdomain (gov.minigolfsport.com) where presumably more detailed content resides. The business focus is on international minigolf sport governance and community engagement, targeting enthusiasts and stakeholders in the sport. The site lacks substantive content, business contact information, and user engagement features, indicating a small-scale, niche presence. From a technical perspective, the site is hosted on an Apache server with basic HTTP headers and no SSL/TLS encryption, resulting in an insecure connection. The absence of modern web technologies, CMS, or analytics tools suggests a low digital maturity level. Performance metrics are unavailable but inferred to be slow due to minimal optimization and lack of HTTPS. Security posture is weak, with no valid SSL certificate, no HSTS, and no advanced security headers. This exposes users to potential risks such as data interception. No privacy or cookie policies are present, indicating non-compliance with GDPR and other privacy regulations. The WHOIS data is consistent and legitimate, with no privacy protection or suspicious registration patterns. Overall, the site presents a low-risk profile due to minimal data collection but suffers from poor security and compliance practices. Strategic improvements in SSL deployment, content enrichment, and privacy compliance are recommended to enhance trust and professionalism.

4

40 YEARS OF EXCELLENCE IN DANCE - IDO

ido-dance.com

0

Security assessment completed with an overall score of 0/100 (unknown risk). 8 high-priority issues should be addressed promptly. Total of 20 security findings identified across all modules.

I

ITTF Foundation

ittffoundation.org

0

The ITTF Foundation is a non-profit organization leveraging table tennis to promote social development, health, and peace globally. It operates multiple specialized programmes targeting disadvantaged groups, humanitarian aid, and health awareness. The foundation is linked to the ITTF Group and maintains an active online presence with social media and newsletter engagement. Technically, the website is built on the Contao CMS with modern JavaScript libraries and frameworks but suffers from slow performance and lacks a valid SSL certificate, which critically impacts security posture. The absence of HTTPS and security headers exposes the site to risks and undermines user trust. Privacy compliance is basic with a cookie consent banner and a privacy policy, but no explicit GDPR compliance or terms of service are found. WHOIS data indicates a mature domain with privacy protection typical for non-profits. Overall, the site is functional and professional but requires urgent security improvements to protect users and enhance credibility.

I

International Fistball Association

ifa-fistball.com

0

The International Fistball Association (IFA) operates as the global governing body for the sport of fistball, providing resources such as sport rules, education, anti-doping information, and organizational news. The website serves as an informational platform targeting fistball players, referees, associations, and fans worldwide. Technically, the site is built on WordPress with common plugins and libraries but suffers from slow performance and lacks modern security configurations. Critically, the absence of a valid SSL certificate and HTTPS support exposes users to security risks. Privacy compliance is minimal with no cookie consent mechanisms or comprehensive privacy policies visibly implemented. Overall, the website demonstrates a basic digital maturity level with significant room for improvement in security and privacy practices.

P

Personify

personifycorp.com

0

Personify is a mature technology company specializing in software solutions for associations, nonprofits, chambers of commerce, and event professionals. With over 25 years of industry leadership and a client base exceeding 30,000 organizations, Personify offers a comprehensive SaaS platform including association management, event management, and member engagement software. Their business model focuses on delivering purpose-driven software combined with client success services to empower organizations in building communities and revenue streams. The company maintains a strong market position supported by multiple subsidiary brands and a consistent, professional web presence. Technically, the website is built on WordPress with a modern tech stack including Yoast SEO, UberMenu, and integrations with marketing and analytics tools such as Google Tag Manager and Marketo. Hosting appears to be on Azure infrastructure. Despite good SEO and content quality, the website suffers from slow load times and lacks a valid SSL certificate, which critically impacts security and user trust. From a security perspective, the absence of HTTPS and modern TLS protocols is a significant vulnerability, exposing visitors to potential data interception risks. The site also lacks essential security headers and advanced SSL features like HSTS and OCSP stapling. Privacy compliance is reasonably addressed with a clear privacy policy and cookie consent mechanism, but no explicit security or incident response policies are found. Overall, while Personify demonstrates strong business credibility and digital marketing maturity, urgent improvements in SSL/TLS implementation and security hardening are necessary to protect users and enhance trust. Addressing these gaps will align the company’s technical posture with its market leadership and professional brand image.

I

Interact

interact-sport.com

0

Interact is a non-profit initiative focused on promoting Sport for All by supporting international sport organizations in capacity building, certification, and community engagement. The website presents a professional and content-rich platform targeting sport organizations and grassroots participants. Technically, the site is built on WordPress with common libraries and plugins, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The security posture is basic with HSTS enabled but no valid TLS protocols or certificate transparency compliance. Privacy compliance is well addressed with a cookie consent mechanism and GDPR-aligned privacy policy. Overall, the site is trustworthy but requires urgent improvements in SSL/TLS configuration to ensure secure user interactions.

P

Pilates Heritage

pilates-heritage.com

0

Pilates Heritage operates an international Pilates congress and educational event platform based in Germany, focusing on honoring Joseph Pilates and promoting Pilates education worldwide. The website provides detailed event schedules, presenter biographies, and registration forms targeting Pilates practitioners and educators globally. Technically, the site is built on WordPress with common plugins and uses Google reCAPTCHA for form protection. However, the absence of a valid SSL certificate and HTTPS severely impacts the site's security posture. No privacy or terms of service policies are found, indicating compliance gaps. Overall, the site is professionally designed with good content quality but requires urgent security and privacy improvements.

K

Kathy Corey Pilates

kathycoreypilates.com

0

Kathy Corey Pilates is a specialized Pilates education and certification provider led by Kathy Corey, a recognized expert with over 35 years of experience. The business offers teacher training, certification programs, continuing education, and Pilates-related products such as the CORE Band™. The website targets Pilates instructors and enthusiasts globally, positioning itself as a leader in Pilates education with international reach. Technically, the website is built on the Squarespace platform, leveraging standard web technologies and hosting services from GoDaddy. However, the site suffers from slow load times and lacks advanced analytics or tracking tools. Security-wise, the website has critical vulnerabilities including the absence of a valid SSL certificate, no HTTPS support, and missing security headers, which significantly lowers its security posture. Privacy compliance is minimal, with no visible privacy or cookie policies. Overall, the site presents a professional business with good content quality but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

A

ASIAN SPORT FOR ALL ASSOCIATION

asfaa.org

0

ASFAA (Asian Sport For All Association) is a regional non-profit organization dedicated to promoting sport for all across Asia. The website serves as an information hub for news, events, programs, and publications related to ASFAA's activities. It targets sports organizations, members, and the Asian sports community, positioning itself as a key regional player affiliated with international bodies such as TAFISA. The business model focuses on community engagement and event organization rather than commercial activities. Technically, the website uses a basic technology stack including jQuery and Google Analytics, with no modern CMS or advanced frameworks detected. Performance is moderate to slow, with basic mobile optimization and accessibility. The site lacks HTTPS, which is a critical security deficiency, and no advanced security headers or policies are implemented. Privacy compliance is poor, with no visible privacy or cookie policies. From a security perspective, the absence of SSL/TLS encryption exposes visitors to risks such as data interception. The lack of security headers and email authentication records further weakens the security posture. No incident response or vulnerability disclosure mechanisms are evident. Overall, the site demonstrates a low security maturity level. The overall risk assessment indicates that while the site is functional and provides relevant content, the lack of HTTPS and privacy compliance are critical issues that must be addressed to improve trust and security. Strategic recommendations include immediate SSL implementation, adoption of privacy policies, and enhancement of security configurations to protect users and improve compliance.

The website pilates-asia.com is currently inaccessible, returning a 406 Not Acceptable error page with minimal HTML content. This prevents any meaningful extraction of business, technical, or security information from the site itself. The domain is registered and hosted via Cafe24, with DNS records indicating a valid SPF record but lacking proper DMARC configuration and no DNSSEC or CAA records enabled. Critically, the site does not have an SSL certificate installed, resulting in no HTTPS support and a poor security posture. Due to the lack of accessible content, no privacy, cookie, or terms of service policies are detectable, nor is any contact or business information available. The overall digital maturity of the site is very low, with no modern security or performance features enabled.

C

Catering & Co.

cateringandco.hu

0

Catering & Co. is a Hungarian catering company specializing in high-quality event catering services, leveraging partnerships with notable restaurants such as KIOSK, Babel, and Piazza Budapest. The company emphasizes gastronomy excellence, sustainability, and customized event solutions tailored to client needs. The website is built on WordPress with multiple plugins for sliders, multilingual support, and contact forms, hosted behind Cloudflare DNS. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security vulnerability. No privacy or cookie policies are present, indicating compliance gaps. Contact information is clearly provided, enhancing business credibility. Overall, the site presents a professional business image but requires urgent security improvements.

P

Papi

papi.hu

0

Papi.hu is a small hospitality business website focused on transforming a family legacy into a farm and restaurant experience in Hungary. The website content centers around a personal story of the founder and his father, emphasizing heritage and love. The business is positioned as an emerging local hospitality venue with a unique cultural narrative. Technically, the site is built on Webflow with modern technologies such as Weglot for multilingual support and Google Tag Manager for analytics. Performance is moderate with a load time of approximately 4.5 seconds. Security posture is basic with HTTPS enabled and modern TLS protocols supported, but lacks advanced security headers, DMARC, and HSTS configurations. Privacy compliance is weak due to the absence of privacy and cookie policies. No contact information or forms are present on the homepage, limiting direct communication channels. Overall, the site is professional and consistent in branding but could improve in security and compliance aspects.

M

M15 Restaurant Kft.

babel-budapest.hu

0

Babel Budapest is a well-established Michelin-starred fine dining restaurant located in Budapest, Hungary, operating since 2008 under the company M15 Restaurant Kft. The website presents a professional and content-rich experience targeting fine dining customers and gastronomes, with clear business information and strong branding. Technically, the site is built on Joomla CMS using UIkit and Yootheme frameworks, with moderate performance and good mobile optimization. However, the security posture is weak due to the absence of a valid SSL certificate and lack of modern security headers, exposing the site to risks and reducing user trust. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism despite usage of tracking scripts like Google Tag Manager. Overall, the site is credible but requires urgent security improvements to protect user data and enhance trust.

The website leismunicipais.com.br is currently inaccessible due to a Cloudflare security challenge page requiring human verification before access. This prevents retrieval of any meaningful business or content data. The domain is registered and hosted via Cloudflare with DNS and email services configured, but no SSL certificate is present, resulting in no HTTPS support. The site lacks any visible privacy, cookie, or terms of service policies, and no contact information or business details are available. Performance is slow, and the site appears to be in a blocked or pre-access state rather than serving actual content.

G

Home - Guggenheim Museum Store

guggenheimstore.org

0

Security assessment completed with an overall score of 0/100 (unknown risk). 8 high-priority issues should be addressed promptly. Total of 19 security findings identified across all modules.

W

World Pilates Confederation

worldpilatesconfederation.com

0

The World Pilates Confederation is a European-based non-profit organization established in 2012, dedicated to promoting Pilates education and uniting Pilates practitioners worldwide. It is led by a respected Pilates expert and hosts prestigious events such as the International Pilates Heritage Congress. The website is built on WordPress with multiple plugins and page builders, offering resources, news, and educational content related to Pilates disciplines. However, the site lacks a valid SSL certificate, serving content over HTTP only, which poses security risks. No privacy or cookie policies are present, indicating compliance gaps. Contact information is available via email and contact forms, but phone numbers are not clearly provided. The technical infrastructure is moderately modern but suffers from performance and security weaknesses. Overall, the site is functional and informative but requires significant improvements in security and privacy compliance to enhance trust and protect users.

T

The Manta Resort

themantaresort.com

0

The Manta Resort is a small, niche luxury hospitality business located on Pemba Island, Tanzania, offering unique eco-luxury accommodations including the world's only Underwater Room. The website is professionally designed using WordPress and Elementor, providing rich content about rooms, activities, and the local environment. The technical infrastructure includes modern web technologies and caching mechanisms, but lacks a valid SSL certificate, which is a critical security concern. The security posture is basic with some best practices like reCAPTCHA implemented, but missing essential HTTPS and modern TLS protocols. Privacy and cookie policies are present but basic, with no explicit security or incident response policies found. Overall, the site is trustworthy and credible but requires urgent security improvements to protect user data and enhance trust.

I

ICEHOTEL

icehotel.com

0

ICEHOTEL is a unique hospitality business based in Sweden offering an iconic ice and snow hotel experience combined with art exhibitions and Arctic adventures. The company holds a strong market position as a niche Arctic tourism provider with a medium-sized operation and a history dating back to 1989. The website is professionally designed with excellent content quality and clear navigation, targeting tourists seeking unique Arctic experiences. Technically, the site uses Drupal 10 CMS with modern JavaScript frameworks and libraries, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security flaw. Security headers are partially implemented, but the absence of HTTPS and modern TLS protocols significantly lowers the security posture. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided. Social media presence is robust across major platforms, enhancing trust and engagement.

M

M15 Restaurant Kft.

kiosk-budapest.hu

0

KIOSK Budapest is a well-established hospitality business operating a modern Hungarian restaurant located in the heart of Budapest. The company offers a range of services including dining, event hosting, catering, and online ordering, supported by a mature digital presence and multiple related brands. The website is professionally designed with good content quality and clear navigation, targeting both local and international visitors seeking authentic and contemporary Hungarian cuisine. Technically, the site leverages Webflow CMS, Cloudflare hosting, and integrates modern tools such as Google Tag Manager and Cookiebot for analytics and privacy compliance. While the SSL configuration is strong with TLS 1.3 support, security headers like HSTS are not enabled, representing an area for improvement. The site implements comprehensive cookie consent mechanisms and maintains GDPR compliance. Overall, the security posture is solid but could benefit from enhanced HTTP security headers and OCSP stapling. The domain is mature and consistent with the business claims, supporting high trustworthiness. Strategic recommendations include enabling HSTS, adding security headers, and improving performance to enhance user experience and security.

M

Mediarey Hungary Services Zrt.

forbes.hu

0

Forbes.hu is a mature Hungarian business media website operated by Mediarey Hungary Services Zrt., providing high-quality business, finance, lifestyle, and culture content targeted at Hungarian-speaking professionals and general readers. The site uses a WordPress CMS with React components and integrates multiple advertising and tracking technologies to support its business model, which includes advertising and premium subscriptions. Technically, the site is hosted behind Cloudflare and uses modern web technologies but lacks a valid SSL certificate, resulting in HTTP-only access which is a significant security concern. Privacy and cookie policies are comprehensive and GDPR compliant, with a consent mechanism implemented via Cookiebot. The WHOIS data confirms the domain's maturity and legitimacy, consistent with the business claims. Overall, the site is professionally designed and content-rich but requires urgent security improvements to enable HTTPS and strengthen its security posture.