Is 28.lv Safe? Security Analysis for Studija 28LV
Check if 28.lv is a scam or legitimate. Free security scan and reviews.
AI Summary
Studija 28LV is a small Latvian company specializing in architecture and interior design projects, including decoration and trade of Italian furniture, decor items, lighting, and sanitary equipment. The company operates primarily in Latvia but has completed projects in several European countries including Italy, Germany, Austria, France, Switzerland, and Russia. Their business model focuses on turnkey interior design solutions for residential and commercial properties, leveraging a creative and eclectic approach to blend classical and modern elements. The website is professionally designed with a clear structure and good user experience, targeting Russian-speaking clients interested in high-quality design services and furniture. Technically, the website uses a modern but basic tech stack including jQuery, Font Awesome, Google Fonts, and lazy loading for images. The site is mobile optimized and loads with moderate performance. However, there is a lack of advanced security headers and no visible HTTPS enforcement details, which suggests room for improvement in security posture. The contact form collects personal data but lacks visible privacy or cookie policies, indicating compliance gaps with GDPR and related regulations. Security-wise, the site does not show signs of WAF or blocking mechanisms and is fully accessible. The absence of WHOIS data due to query limits limits the ability to fully assess domain legitimacy, but the site content and contact information suggest a legitimate small business. Key vulnerabilities include missing security headers, lack of privacy disclosures, and no anti-CSRF protections on forms. Overall, the site is functional and professional but would benefit from enhanced security and privacy compliance measures. The overall risk is moderate with no critical issues detected. Strategic recommendations include implementing HTTPS with HSTS, adding security headers, publishing privacy and cookie policies with consent mechanisms, and improving form security. These steps will enhance trust, compliance, and security posture, supporting the company’s professional image and client confidence.
Detected Technologies
🧠AI Business Intelligence
Technology stack, business insights, and market analysis powered by AI.
Business Intelligence
Market & Strategic Analysis
Studija 28LV positions itself as a niche player in the interior design and furniture trade market, targeting discerning clients who value eclectic and high-quality design solutions. Their portfolio includes projects across multiple European countries, indicating some international reach and experience. The business model combines design services with product sales, creating multiple revenue streams. The company leverages partnerships with Italian furniture brands and maintains a presence on social media platforms to engage potential clients. Growth indicators include a diverse project portfolio and a focus on turnkey solutions, which can attract clients seeking comprehensive services. However, the lack of visible certifications or formal compliance statements may limit appeal to larger corporate clients. The company appears to operate as a small entity with a focused market segment, relying on professional reputation and quality service delivery.
Extracted Contact Information
Marketing Intelligence Data
Email Addresses (1)
Phone Numbers (1)
Physical Addresses (1)
Security Posture Analysis
Comprehensive Security Assessment
The current security posture of the website is basic with several areas for improvement. The site uses HTTPS (implied by base href https://28.lv/ru/) but lacks visible security headers such as Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options, which are important to mitigate common web attacks. The contact form includes client-side validation but no visible server-side protections like anti-CSRF tokens. There is no evidence of a published security policy or incident response contacts, which reduces transparency and preparedness. The absence of privacy and cookie policies indicates non-compliance with GDPR and related data protection regulations, posing legal and reputational risks. No tracking or analytics scripts were detected, which limits privacy concerns but also reduces business intelligence capabilities. Overall, the security maturity is low to moderate, suitable for a small business but requiring enhancements to protect client data and build trust.
Strategic Recommendations
Priority Actions for Security Improvement
Implement HTTPS with HSTS to enforce secure connections and protect data in transit.
✨Observations
AI-powered comprehensive website and business analysis.
AI-Enhanced Website Analysis
Business Insights
Studija 28LV
Компания занимается разработкой дизайн-проектов, декорированием, торговлей итальянской мебелью, предметами декора, освещением и сантехникой. Специализируется на проектировании интерьеров жилой и коммерческой недвижимости с выполнением проектов под ключ. Работала в Латвии, Италии, Германии, Австрии, Франции, Швейцарии и России. В проектах используется эклектичный подход, сочетая классические и современные элементы.
good
consistent
Technical Stack
moderate
good
basic
basic
Security Assessment
- form input validation via JavaScript
Analytics & Tracking
Advertising & Marketing
Website Quality Assessment
Key Observations
Website is fully accessible with no blocking or WAF challenge.
🛡️Security Headers
HTTP security headers analysis and recommendations.
Security Headers
HTTP security headers analysis
Missing Strict-Transport-Security header
HIGHForces HTTPS connections
Missing X-Frame-Options header
HIGHPrevents clickjacking attacks
Missing X-Content-Type-Options header
MEDIUMPrevents MIME type sniffing
Missing Content-Security-Policy header
HIGHControls resources the browser is allowed to load
Missing X-XSS-Protection header
MEDIUMLegacy XSS protection (deprecated but still recommended)
Missing Referrer-Policy header
LOWControls referrer information sent with requests
Missing Permissions-Policy header
MEDIUMControls browser features and APIs
👤GDPR Compliance
Privacy and data protection assessment under GDPR regulations.
GDPR Compliance
Privacy and data protection assessment
No Privacy Policy found
HIGHGDPR requires a clear and accessible privacy policy
No Cookie Policy found
HIGHGDPR requires clear information about cookie usage
No Cookie Consent Banner found
HIGHGDPR requires explicit consent for non-essential cookies
EU business without adequate privacy measures
CRITICALEU businesses are subject to strict GDPR requirements
Third-party services without privacy policy
HIGHDetected services: Facebook, Twitter, YouTube, Google APIs
GDPR Compliance Analysis
🛡️NIS2 Compliance
Network & Information Security Directive compliance assessment.
NIS2 Compliance
Network & Information Security Directive
No information security framework found
HIGHNIS2 requires documented cybersecurity and information security measures
No vulnerability disclosure policy
MEDIUMNIS2 encourages coordinated vulnerability disclosure
No security policy documentation found
HIGHNIS2 requires documented cybersecurity governance and risk management
No incident response procedures found
HIGHNIS2 requires documented incident response and business continuity plans
No business continuity planning found
MEDIUMNIS2 emphasizes operational resilience and business continuity
No security contact information
HIGHNIS2 requires clear incident reporting channels
No vulnerability reporting mechanism
MEDIUMClear vulnerability reporting supports coordinated disclosure
No NIS2 reference found
LOWConsider explicitly mentioning NIS2 compliance efforts
Critical sector without clear security compliance
HIGHDetected sectors: transport, digital
📧Email Security
SPF, DKIM, and DMARC validation and email security assessment.
Email Security
SPF, DKIM, and DMARC validation
No DKIM record found
MEDIUMDKIM adds cryptographic signatures to emails
No BIMI Record
LOWBIMI displays brand logos in email clients
No MTA-STS Policy
MEDIUMMTA-STS enforces TLS for email delivery
No TLS-RPT Record
LOWTLS-RPT provides reporting for email TLS issues
SPF Details
🏆SSL/TLS Security
Certificate validity and encryption analysis.
SSL/TLS Security
Certificate validity and encryption analysis
Weak Protocols Supported
HIGHServer supports weak protocols: TLSv1.1
OCSP Stapling Not Enabled
LOWOCSP stapling improves performance and privacy
Certificate Transparency Not Implemented
LOWCertificate is not logged in Certificate Transparency logs
SSL Certificate Expires Within 90 Days
MEDIUMSSL certificate expires in 64 days
Mixed Content Detected
MEDIUM1 resources loaded over insecure HTTP
Partial SSL/TLS Assessment
LOWCompleted 3 of 4 security checks due to time constraints
Protocol Support
OCSP Status
📊DNS Health
DNS configuration and security assessment.
DNS Health
DNS configuration and security assessment
DNSSEC Not Enabled
MEDIUMDNSSEC is not configured for this domain
CAA Records Not Configured
LOWCertificate Authority Authorization (CAA) records not found
No DMARC Record
MEDIUMDMARC policy not configured
DNS Records
DNSSEC Status
DNS Performance
SPF Analysis
⚡Network Security
Port scanning and network exposure analysis.
Network Security
Port scanning and network exposure analysis
High-Risk Service Exposed: FTP
HIGHPort 21 (FTP) is publicly accessible - FTP - Often unencrypted file transfer
🔧Technical Analysis
Detailed technical findings and analysis from AI assessment.
Technical Analysis
Comprehensive security assessment findings