Is kontrolaexekuce.cz Safe? Security Analysis for GetData s.r.o.
Check if kontrolaexekuce.cz is a scam or legitimate. Free security scan and reviews.
AI Summary
KontrolaExekuce.cz is an online service operated by GetData s.r.o., providing official information from the Central Execution Registry (Centrální evidence exekucí) managed by the Czech Exekutorská komora. The platform offers instant online checks of execution records for individuals and legal entities, facilitating access to official debt and execution data without requiring user registration. The service is positioned as the only freely accessible debtor registry in the Czech Republic, targeting citizens, businesses, and legal professionals seeking reliable execution data. Payment for detailed reports is processed securely via the PayU gateway, ensuring a seamless user experience.

Technically, the website employs modern web technologies including Bootstrap 4.6 for responsive design, jQuery for interactivity, and Google Tag Manager for analytics. The site is mobile-optimized with good SEO practices and uses HTTPS with a valid SSL certificate, ensuring secure data transmission. Cookie consent mechanisms are implemented with detailed user controls, reflecting a commitment to privacy compliance, although an explicit privacy policy page is not found.

From a security perspective, the site demonstrates good practices such as HTTPS enforcement and secure payment integration. However, the absence of security headers and vulnerability disclosure mechanisms indicates room for improvement. The lack of WHOIS data limits domain trust assessment, but the business information presented is consistent and professional. No signs of content blocking or WAF interference were detected, and the content is safe for general audiences.

Overall, KontrolaExekuce.cz presents a trustworthy and functional service with solid technical foundations and a clear business model. Strategic enhancements in privacy transparency and security headers would further strengthen its security posture and compliance standing.
🧠 AI Business Intelligence
Technology stack, business insights, and market analysis powered by AI.
Market & Strategic Analysis
The company GetData s.r.o. operates KontrolaExekuce.cz as a niche online service providing access to official execution and debtor registry data in the Czech Republic. Its market positioning as the sole freely accessible official debtor registry gives it a competitive advantage in the local market. The business model relies on paid access to detailed execution reports, leveraging official data from the Exekutorská komora. Target customers include individuals verifying personal debt status, businesses conducting due diligence on partners or employees, and legal professionals. The partnership with PayU for payment processing indicates integration with established financial services. Growth potential exists in expanding service offerings or integrating additional official registries. The company maintains a professional online presence with consistent branding and clear legal information, supporting credibility and customer trust.
Company Registration
GetData s.r.o.
27102343
Security Posture Analysis
Comprehensive Security Assessment
The website exhibits a moderate to good security maturity level. HTTPS is properly implemented, and payment processing is secured via a certified gateway. Cookie consent is actively managed, supporting GDPR compliance. However, the absence of key security headers such as Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and X-Frame-Options reduces defense-in-depth. No public security policy or incident response contacts are provided, limiting transparency. There is no evidence of vulnerability disclosure or security.txt files, which are best practices for mature security programs. No vulnerabilities or exposed sensitive data were detected in the content. Overall, the security posture is adequate for the service type but would benefit from enhanced header implementation and published security policies.
Strategic Recommendations
Priority Actions for Security Improvement
Implement and enforce security headers including CSP, HSTS, and X-Frame-Options to mitigate common web attacks.
✨ Observations
AI-powered comprehensive website and business analysis.
AI-Enhanced Website Analysis
Business Insights
GetData s.r.o.
The service provides information from the official execution database maintained by the Chamber of Executors of the Czech Republic (Exekutorská komora ČR). It offers online extracts from the central register of executions without the need to register, with an immediate result after payment of the fee.
Security Assessment
- HTTPS enforced
- Secure payment integration
- Consent mechanism for cookies
Website Quality Assessment
Key Observations
Website is fully accessible with rich content and interactive forms.
🛡️ Security Headers
HTTP security headers analysis and recommendations.
- Missing Strict-Transport-Security header (HIGH): Forces HTTPS connections
- Missing X-Content-Type-Options header (MEDIUM): Prevents MIME type sniffing
- Missing Content-Security-Policy header (HIGH): Controls resources the browser is allowed to load
- Missing X-XSS-Protection header (MEDIUM): Legacy XSS protection (deprecated but still recommended)
- Missing Referrer-Policy header (LOW): Controls referrer information sent with requests
- Missing Permissions-Policy header (MEDIUM): Controls browser features and APIs
👤 GDPR Compliance
Privacy and data protection assessment under GDPR regulations.
- No Privacy Policy found (HIGH): GDPR requires a clear and accessible privacy policy
- No Cookie Consent Banner found (HIGH): GDPR requires explicit consent for non-essential cookies
- EU business without adequate privacy measures (CRITICAL): EU businesses are subject to strict GDPR requirements
- Third-party services without privacy policy (HIGH): Detected services: Google Analytics
🛡️ NIS2 Compliance
Network & Information Security Directive compliance assessment.
- No information security framework found (HIGH): NIS2 requires documented cybersecurity and information security measures
- No vulnerability disclosure policy (MEDIUM): NIS2 encourages coordinated vulnerability disclosure
- No security policy documentation found (HIGH): NIS2 requires documented cybersecurity governance and risk management
- No incident response procedures found (HIGH): NIS2 requires documented incident response and business continuity plans
- No business continuity planning found (MEDIUM): NIS2 emphasizes operational resilience and business continuity
- No security contact information (HIGH): NIS2 requires clear incident reporting channels
- No vulnerability reporting mechanism (MEDIUM): Clear vulnerability reporting supports coordinated disclosure
- No NIS2 reference found (LOW): Consider explicitly mentioning NIS2 compliance efforts
📧 Email Security
SPF, DKIM, and DMARC validation and email security assessment.
- DMARC not enforcing (MEDIUM): DMARC policy is set to "none"
🏆 SSL/TLS Security
Certificate validity and encryption analysis.
- Weak Protocols Supported (HIGH): Server supports weak protocols: TLSv1.1
- OCSP Stapling Not Enabled (LOW): OCSP stapling improves performance and privacy
- Certificate Transparency Not Implemented (LOW): Certificate is not logged in Certificate Transparency logs
- SSL Certificate Expires Within 90 Days (MEDIUM): SSL certificate expires in 30 days
- Partial SSL/TLS Assessment (LOW): Completed 3 of 4 security checks due to time constraints
📊 DNS Health
DNS configuration and security assessment.
- DNSSEC Not Enabled (MEDIUM): DNSSEC is not configured for this domain
- CAA Records Not Configured (LOW): Certificate Authority Authorization (CAA) records not found
- DMARC Policy Set to None (LOW): DMARC is configured but not enforcing any policy
⚡ Network Security
Port scanning and network exposure analysis.
- Service Exposed: SSH (MEDIUM): Port 22 (SSH) is publicly accessible. SSH is secure but can be brute-forced.