
Is thermona.eu a Scam? Security Check Results - Thermona, spol. s r.o. Reviews


Is thermona.eu Safe? Security Analysis for Thermona, spol. s r.o.

Check if thermona.eu is a scam or legitimate. Free security scan and reviews.

Sector: Energy | Country: Czech Republic | Risk: medium
Detected (summary): jQuery 1.11.3, Bootstrap CSS and JS, Font Awesome 4.4.0, Google Fonts (Source Sans Pro, Roboto, Open Sans), jQuery Fancybox 2.1.5, +3 more
Analyzed 8/1/2025, completed 10:18:49 AM
Security Score: 59 (MEDIUM RISK)

AI Summary

Thermona, spol. s r.o. is a well-established Czech manufacturer specializing in gas and electric boilers, including condensing and atmospheric models under the THERM brand. With a history dating back to 1990, the company has expanded its market presence to over twenty countries, offering comprehensive heating solutions including control systems and accessories. The website reflects a professional and consistent brand image, targeting residential and commercial customers seeking reliable heating products. Technically, the site employs a mature technology stack based on ASP.NET WebForms and Bootstrap, with integration of common web libraries and Google services for analytics and fonts. Security posture is moderate: the site is served over HTTPS and the scan found no directly exploitable issue, but the detailed checks below report missing security headers, TLS 1.1 still enabled, mixed content, an end-of-life jQuery release, no DMARC policy and a Windows RPC port reachable from the internet. Privacy is addressed with published privacy and cookie policies, although the automated check did not detect a cookie consent banner. Overall, the website and business demonstrate a credible and trustworthy profile with room for technical modernization and enhanced security practices.

Detected Technologies

jQuery 1.11.3, Bootstrap CSS and JS, Font Awesome 4.4.0, Google Fonts (Source Sans Pro, Roboto, Open Sans), jQuery Fancybox 2.1.5, Google Maps API, CMSPages (likely Kentico CMS or similar .NET CMS), ASP.NET WebForms

🧠 AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Market & Strategic Analysis

Thermona holds a strong market position as a traditional Czech manufacturer with a focus on quality and reliability. Its business model revolves around manufacturing and direct sales supported by a network of country-specific partner sites. The company targets a broad audience including homeowners and commercial entities requiring heating solutions. Revenue streams likely include product sales, installation services, and after-sales support. The presence of multiple localized domains indicates a strategic approach to international markets. The company emphasizes compliance with industry standards and customer satisfaction, which supports its competitive advantage. Growth indicators include active news updates and participation in international exhibitions. The partnership ecosystem is robust with dedicated country sites, enhancing market penetration and customer support.

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (1)

t*****@thermona.cz

Phone Numbers (1)

+4205445*****

Security Posture Analysis

Comprehensive Security Assessment

The website demonstrates a moderate security maturity level. HTTPS is implemented, and no sensitive data is exposed in the HTML content. However, the absence of Content Security Policy, HSTS and X-Frame-Options (or a CSP frame-ancestors directive) leaves XSS, protocol downgrade and clickjacking to be mitigated by the application alone. jQuery 1.11.3 is an end-of-life release: it predates the fixes for CVE-2019-11358 (prototype pollution in $.extend, fixed in 3.4.0) and CVE-2020-11022/11023 (XSS through htmlPrefilter, fixed in 3.5.0), and no patched 1.x build exists, so the remedy is an upgrade to 3.5 or later, using the jQuery Migrate plugin to surface breaking changes. Forms use POST, but no CSRF token is visible in the source; ASP.NET WebForms can bind __VIEWSTATE to the session via ViewStateUserKey, which does not show in the rendered HTML, so CSRF protection should be confirmed in the application configuration rather than inferred from markup. There is no evidence of an incident response policy or a dedicated security contact channel such as a /.well-known/security.txt file (RFC 9116). Privacy and cookie policies are published, indicating awareness of GDPR compliance (see the GDPR section for the consent-banner finding). Overall, the security posture is adequate for a commercial site but would benefit from enhanced header configurations, updated libraries, and formalized incident response readiness.

Strategic Recommendations

Priority Actions for Security Improvement

1. Implement Strict-Transport-Security, Content-Security-Policy (including frame-ancestors, or X-Frame-Options as a fallback), Referrer-Policy and Permissions-Policy, and send X-Content-Type-Options: nosniff exactly once. Do not add X-XSS-Protection: the header is deprecated, current browsers ignore it, and CSP covers what it was meant to do.

Observations

AI-powered comprehensive website and business analysis.

Business Insights

Company:

Thermona, spol. s r.o.

Description:

Thermona is a leading manufacturer of wall-mounted gas boilers, gas condensing boilers, and electric boilers under the THERM brand, providing heating and water heating solutions. The company offers control systems, DHW tanks, and flue systems, emphasizing quality, compliance with directives, and customer satisfaction.

Key Services:
Manufacture of wall-mounted (suspended) gas boilers; manufacture of condensing boilers; manufacture of electric boilers; delivery of control systems; delivery of DHW tanks; delivery of flue systems; provision of boiler rooms and cascade boiler systems
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
jQuery 1.11.3, Bootstrap CSS and JS, Font Awesome 4.4.0, Google Fonts (Source Sans Pro, Roboto, Open Sans), jQuery Fancybox 2.1.5, Google Maps API, CMSPages (likely Kentico CMS or similar .NET CMS), ASP.NET WebForms
Frameworks:
Bootstrap, ASP.NET WebForms
Platforms:
Windows Server (implied by ASP.NET WebForms usage)
Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

good

Security Assessment

Security Score (AI assessment): 70/100 (distinct from the overall page score of 59 at the top)
Best Practices:
  • Use of HTTPS (implied by https URLs)
  • No exposed sensitive data in HTML
  • Forms use POST method (the method alone is not a CSRF defence; see the posture analysis above)

Analytics & Tracking

Services: Google Analytics, Google Tag Manager
Tracking Level: moderate
Privacy Compliance: good

Advertising & Marketing

Transparency Level: basic

Website Quality Assessment

Design Quality: good
User Experience: good
Content Relevance: good
Navigation Clarity: good
Professionalism: good
Trustworthiness: high

Key Observations

1. Website is fully accessible with rich content (all content was reachable by the crawler; this is not the WCAG sense of accessibility, which is rated "basic" above)

🛡️ Security Headers

HTTP security headers analysis and recommendations.

Score: 45/100

Missing Strict-Transport-Security header [HIGH]
Without HSTS, a browser's first request or any http:// bookmark can be intercepted before the redirect to HTTPS. The header tells returning browsers to use HTTPS only; start with max-age=31536000 and add includeSubDomains once every subdomain serves TLS.

Weak X-Content-Type-Options configuration [LOW]
Current value: "nosniff, nosniff". The header is emitted twice (typically once by IIS and once by the application), which some clients display as the joined value. Browsers consult only the first value, so this is hygiene rather than a bypass, but emit the header from one layer only.

Missing Content-Security-Policy header [HIGH]
Controls which origins may supply scripts, styles, frames and images; the main browser-side mitigation for XSS and, via frame-ancestors, clickjacking. Deploy it as Content-Security-Policy-Report-Only first, because the Google Fonts, Maps and Tag Manager origins in use must be allowed explicitly or the site breaks.

Missing Referrer-Policy header [LOW]
Controls what URL is sent in the Referer header on outbound requests; strict-origin-when-cross-origin is the usual choice.

Missing Permissions-Policy header [MEDIUM]
Lets the site switch off browser features and APIs it does not use (camera, microphone, geolocation), including inside embedded third-party frames.

Sensitive data may be cached [LOW]
Cache-Control should include "no-store" on responses that carry personal data, such as a submitted contact form; static marketing pages can stay cacheable.
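The checks above can be reproduced offline against a captured header list. The following is an added example, not code from this report or from the scanned site: SAMPLE_HEADERS is constructed to mirror the findings (X-Content-Type-Options sent twice, no HSTS, CSP, Referrer-Policy or Permissions-Policy, Cache-Control without no-store), and HARDENED_HEADERS is a constructed set that passes every check. The CSP value in it is a starting point only.

```python
"""Audit HTTP response headers for the gaps the Security Headers section lists.

Added example, not code from the original report or from the scanned site.
SAMPLE_HEADERS is constructed to mirror the findings above; HARDENED_HEADERS is
a constructed set that satisfies every check.
"""
from typing import Dict, List, Optional, Tuple

Header = Tuple[str, str]

# Constructed: headers as received on the wire, repeated names kept separate.
SAMPLE_HEADERS: List[Header] = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("X-Content-Type-Options", "nosniff"),
    ("X-Content-Type-Options", "nosniff"),  # e.g. once from IIS, once from the app
    ("X-Frame-Options", "SAMEORIGIN"),
    ("Cache-Control", "private"),
]

# Constructed: a header set that passes. A site using Google Fonts, Maps and
# Tag Manager must add those origins to the CSP, ideally after a
# Content-Security-Policy-Report-Only trial period.
HARDENED_HEADERS: List[Header] = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'; img-src 'self' https: data:; frame-ancestors 'self'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
    ("Permissions-Policy", "camera=(), microphone=(), geolocation=()"),
    ("Cache-Control", "no-store"),
]

ONE_YEAR = 31536000

REQUIRED = {
    "strict-transport-security": ("HIGH", "browser would keep using HTTPS after the first visit"),
    "content-security-policy": ("HIGH", "limits which origins may supply scripts, styles and frames"),
    "permissions-policy": ("MEDIUM", "disables browser features the site does not use"),
    "referrer-policy": ("LOW", "controls what URL is sent in the Referer header"),
}


def fold_headers(raw: List[Header]) -> Dict[str, List[str]]:
    """Group values by lower-cased name, preserving order so duplicates stay visible."""
    folded: Dict[str, List[str]] = {}
    for name, value in raw:
        folded.setdefault(name.lower(), []).append(value.strip())
    return folded


def hsts_max_age(value: str) -> Optional[int]:
    """Return the max-age directive of an HSTS value, or None if missing/malformed."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.strip().isdigit():
            return int(val)
    return None


def audit_headers(raw: List[Header]) -> List[Tuple[str, str]]:
    """Return (severity, finding) pairs; an empty list means every check passed."""
    headers = fold_headers(raw)
    findings: List[Tuple[str, str]] = []

    for name, (severity, why) in REQUIRED.items():
        if name not in headers:
            findings.append((severity, f"missing {name}: {why}"))

    hsts = headers.get("strict-transport-security")
    if hsts:
        age = hsts_max_age(hsts[0])
        if age is None or age < ONE_YEAR:
            findings.append(("MEDIUM", f"strict-transport-security max-age={age} is below one year"))

    xcto = headers.get("x-content-type-options", [])
    if not xcto:
        findings.append(("LOW", "missing x-content-type-options: nosniff"))
    elif len(xcto) > 1 or xcto[0].lower() != "nosniff":
        # Clients that join repeated headers see "nosniff, nosniff". Per the Fetch
        # spec only the first value is consulted, so this is hygiene rather than
        # a bypass, but the header should come from exactly one layer.
        findings.append(("LOW", f"x-content-type-options sent {len(xcto)}x as {', '.join(xcto)!r}; emit it once"))

    cache = ", ".join(headers.get("cache-control", [])).lower()
    if "no-store" not in cache:
        findings.append(("LOW", "cache-control lacks no-store; add it on responses that carry personal data"))

    return findings


if __name__ == "__main__":
    for severity, text in audit_headers(SAMPLE_HEADERS):
        print(f"[{severity}] {text}")
```

To audit a live site, feed the function the raw header list from `http.client` (`response.getheaders()`) rather than a dict, since a dict silently collapses the duplicated X-Content-Type-Options into one entry and hides the finding.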

👤 GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

Score: 80/100

No Cookie Consent Banner found [HIGH]
GDPR, together with the ePrivacy rules, requires prior consent for non-essential cookies such as those set by the Google Analytics and Tag Manager tags this scan detected. The AI summary above reports a consent mechanism, so confirm whether the banner is injected client-side after page load, which an HTML-only check may miss.

No Data Protection Officer mentioned [LOW]
GDPR Article 37 mandates a DPO only for public authorities and for organisations whose core activities involve large-scale regular monitoring of individuals or large-scale processing of special-category data; it is not a head-count rule. A manufacturer's marketing site is unlikely to meet that threshold, so treat this as informational.

GDPR Compliance Analysis

Privacy Policy: found (85% confidence)
Cookie Policy: found (85% confidence)
Contact Information Found: 90% confidence (email, phone, form)

🛡️ NIS2 Compliance

Network & Information Security Directive compliance assessment. These checks look for public-facing documentation only; they do not establish whether the company falls within NIS2 scope, which depends on sector and size thresholds set in the national transposition.

Score: 17/100

No information security framework found [HIGH]
NIS2 requires documented cybersecurity and information security measures.

No vulnerability disclosure policy [MEDIUM]
NIS2 encourages coordinated vulnerability disclosure; a /.well-known/security.txt file (RFC 9116) is the simplest way to publish one.

No security policy documentation found [HIGH]
NIS2 requires documented cybersecurity governance and risk management.

No incident response procedures found [HIGH]
NIS2 requires documented incident response and business continuity plans.

No business continuity planning found [MEDIUM]
NIS2 emphasizes operational resilience and business continuity.

No security contact information [HIGH]
NIS2 requires clear incident reporting channels; the same security.txt can carry the Contact field.

No vulnerability reporting mechanism [MEDIUM]
Clear vulnerability reporting supports coordinated disclosure.

No NIS2 reference found [LOW]
Consider explicitly mentioning NIS2 compliance efforts.

📧 Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Score: 80/100

No DMARC record found [HIGH]
Without DMARC, receivers have no instruction on what to do with mail that fails SPF or DKIM alignment for thermona.eu, and the domain owner receives no aggregate reports of spoofing attempts. The SPF -all and the Microsoft 365 DKIM selector below already make an enforcing policy feasible: publish p=none with rua reporting first, review the reports, then move to p=quarantine and p=reject.

Checks performed: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), DMARC (Domain-based Message Authentication, Reporting and Conformance), MX Records (Mail Exchange Records), BIMI (Brand Indicators for Message Identification), MTA-STS (SMTP MTA Strict Transport Security), TLS-RPT (SMTP TLS Reporting), DNSSEC (DNS Security Extensions)
SPF Details
Record: v=spf1 include:spf.protection.outlook.com -all
DNS Lookups: 1/10
Policy: -all (hard fail for any sender not covered by the include)
DKIM Selectors Found
Selector: selector1 (1416-bit rsa)
DMARC Details
Policy: none (consistent with the missing-record finding above: receivers get no enforcement instruction)
MTA-STS Details
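The SPF and DMARC evaluation above can be reproduced on the record text alone. This is an added example, not code from this report or from the domain's operators: SPF_RECORD is the record shown above, while the two DMARC records are constructed (placeholder addresses) to contrast an absent record, a monitoring-only p=none and an enforcing p=reject. Includes are not resolved, so the lookup count is a lower bound for nested records.

```python
"""Evaluate SPF and DMARC records as the Email Security section above does.

Added example, not code from the original report. SPF_RECORD is the record the
report shows for the domain; the DMARC records are constructed to contrast an
absent record, a monitoring-only p=none and an enforcing p=reject.
"""
import re
from typing import Dict, Optional

SPF_RECORD = "v=spf1 include:spf.protection.outlook.com -all"  # as shown in the report

# Constructed DMARC records for comparison (addresses are placeholders).
DMARC_MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
DMARC_ENFORCING = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s"

# Terms that cost a DNS lookup; RFC 7208 s4.6.4 caps a record at 10. Includes are
# not followed here (offline), so the count is a lower bound for nested records.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
ALL_POLICIES = {"-": "fail", "~": "softfail", "?": "neutral", "+": "pass"}


def analyze_spf(record: str) -> Dict[str, object]:
    """Count lookup-costing terms and report the 'all' policy of an SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    lookups = 0
    policy = "neutral (no all term)"  # a record without 'all' behaves like ?all
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in ALL_POLICIES:
            qualifier, term = term[0], term[1:]
        name = re.split(r"[:/=]", term, maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            lookups += 1
        elif name == "all":
            policy = f"{ALL_POLICIES[qualifier]} ({qualifier}all)"
    return {"lookups": lookups, "within_limit": lookups <= 10, "policy": policy}


def analyze_dmarc(record: Optional[str]) -> Dict[str, object]:
    """Classify the TXT record at _dmarc.<domain>; None means the lookup returned nothing."""
    if record is None:
        return {"present": False, "policy": None, "enforcing": False, "reporting": False}
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = val.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    policy = tags.get("p", "none").lower()  # p is mandatory; treat a missing one as none
    return {
        "present": True,
        "policy": policy,
        # Only quarantine/reject tell receivers to act on failures; p=none is
        # monitoring only, which against spoofing is equivalent to no record.
        "enforcing": policy in ("quarantine", "reject"),
        "reporting": "rua" in tags,
    }


def email_auth_summary(spf: str, dmarc: Optional[str]) -> str:
    """One-line verdict combining both records, in the spirit of the report."""
    s, d = analyze_spf(spf), analyze_dmarc(dmarc)
    if not d["present"]:
        return f"SPF {s['policy']}, DMARC missing: publish p=none with rua first, then tighten"
    if not d["enforcing"]:
        return f"SPF {s['policy']}, DMARC p={d['policy']}: monitoring only, move to quarantine/reject"
    return f"SPF {s['policy']}, DMARC p={d['policy']}: enforcing"


if __name__ == "__main__":
    print(email_auth_summary(SPF_RECORD, None))
    print(email_auth_summary(SPF_RECORD, DMARC_MONITOR_ONLY))
    print(email_auth_summary(SPF_RECORD, DMARC_ENFORCING))
```

The point of keeping SPF and DMARC in one verdict is that a strict SPF -all on its own does nothing for the From: header a user sees; only DMARC ties SPF or DKIM to that header and tells receivers what to do on failure.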

🏆 SSL/TLS Security

Certificate validity and encryption analysis.

Score: 62/100

Weak Protocols Supported [HIGH]
Server supports weak protocols: TLSv1.1. TLS 1.0 and 1.1 are formally deprecated (RFC 8996) and rejected by current browsers; disable them so that only TLS 1.2 and 1.3 are negotiated. On IIS this is a Schannel setting that takes effect after a restart, so confirm the change with a fresh probe.

OCSP Stapling Not Enabled [LOW]
With stapling the server attaches a fresh OCSP response to the handshake, so clients need not contact the CA: faster, and the CA does not learn who is visiting.

Certificate Transparency Not Implemented [LOW]
The scanner did not observe Signed Certificate Timestamps for the certificate. Chrome and Safari require CT logging for publicly trusted certificates issued since 2018, so if the site loads in those browsers the certificate is almost certainly logged; verify by searching a CT log for the domain. The finding may only mean SCTs were not embedded in the certificate or delivered in the TLS handshake.

SSL Certificate Expires Within 90 Days [MEDIUM]
SSL certificate expires in 48 days. If renewal is automated (for example via ACME) this is normal; otherwise record the renewal date and monitor expiry.

Mixed Content Detected [MEDIUM]
3 resources loaded over insecure HTTP. Browsers block http:// scripts and stylesheets on an https:// page outright and only warn about images, so the 3 resources are either being blocked (broken functionality) or are images that undermine the page's integrity guarantee. Switch them to https:// or protocol-relative URLs.

Partial SSL/TLS Assessment [LOW]
Completed 3 of 4 security checks due to time constraints; one check did not finish, so re-run the scan before relying on this score.

Protocol Support: TLSv1.3, TLSv1.2, TLSv1.1

OCSP Status: OCSP Stapling Disabled
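The mixed-content finding above can be reproduced by walking the page's markup and resolving every sub-resource URL against the page URL. This is an added example, not code from this report or from the site: SAMPLE_HTML is constructed to reproduce the "3 resources loaded over insecure HTTP" count, and its hostnames and paths are placeholders, not what thermona.eu actually serves. It goes slightly beyond the report by separating active from passive mixed content, which is what decides whether a browser blocks or merely warns.

```python
"""Find mixed content: http:// sub-resources referenced from an https:// page.

Added example, not code from the original report. SAMPLE_HTML is constructed to
reproduce the "3 resources loaded over insecure HTTP" finding; the hostnames
and paths in it are placeholders, not what the scanned site serves.
"""
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urljoin, urlsplit

# Browsers block "active" mixed content (it can run code or restyle the page)
# and merely warn about, or auto-upgrade, "passive" media.
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href"), ("object", "data"), ("embed", "src")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}

# Constructed page: two active and one passive insecure resource, plus an
# https stylesheet, a protocol-relative script, a relative image and a plain
# hyperlink, none of which count as mixed content.
SAMPLE_HTML = """<!doctype html><html><head>
<link rel="stylesheet" href="http://static.example.net/site.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto">
<script src="//cdn.example.net/bootstrap.min.js"></script>
<script src="http://cdn.example.net/jquery-1.11.3.min.js"></script>
</head><body>
<img src="http://static.example.net/logo.png" alt="">
<img src="/images/boiler.png" alt="">
<a href="http://partner.example.net/">partner site</a>
</body></html>"""


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url: str) -> None:
        super().__init__()
        self.page_url = page_url
        self.findings: List[Tuple[str, str, str]] = []  # (kind, tag, absolute url)

    def handle_starttag(self, tag: str, attrs) -> None:
        attr_map = dict(attrs)
        if tag == "link" and "stylesheet" not in (attr_map.get("rel") or "").lower().split():
            return  # only stylesheet links fetch a render-affecting resource
        for name, value in attrs:
            if not value:
                continue
            kind = "active" if (tag, name) in ACTIVE else "passive" if (tag, name) in PASSIVE else None
            if kind is None:
                continue
            # Resolve relative and protocol-relative URLs against the page:
            # "//cdn/..." inherits https and is therefore not mixed content.
            absolute = urljoin(self.page_url, value)
            if urlsplit(absolute).scheme == "http":
                self.findings.append((kind, tag, absolute))


def find_mixed_content(page_url: str, html: str) -> List[Tuple[str, str, str]]:
    """Return (kind, tag, url) for every http:// sub-resource on an https:// page."""
    if urlsplit(page_url).scheme != "https":
        return []  # the concept only applies to pages delivered over TLS
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for kind, tag, url in find_mixed_content("https://www.thermona.eu/", SAMPLE_HTML):
        print(f"{kind:7} <{tag}> {url}")
```

Resources injected by JavaScript (for example by Tag Manager) are invisible to a static parser; to catch those, run the same URL test over the requests a headless browser actually makes.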

📊 DNS Health

DNS configuration and security assessment.

Score: 85/100

DNSSEC Not Enabled [MEDIUM]
DNSSEC is not configured for this domain, so resolvers cannot detect forged answers for its A, MX or SPF records. The .eu registry supports DNSSEC; enabling it requires the zone to be signed on the name servers and the DS record published through the registrar.

CAA Records Not Configured [LOW]
Certificate Authority Authorization (CAA) records not found. A CAA record such as `thermona.eu. CAA 0 issue "<your CA>"` (illustrative, the CA is not known from this report) limits which CAs may issue certificates for the domain, and CAs are required to check it before issuance.

Domain Registration Details

DNS Records

A Records: 217.198.121.206
Name Servers: ns.profiwh.com, ns.profiwh.cz, ns.profiwh.info, ns.profiwh.net (DNS only)
MX Records: 0 thermona-eu.mail.protection.outlook.com (Microsoft 365 / Exchange Online Protection)
SOA: Serial 2024052714 (YYYYMMDDnn convention: last changed 2024-05-27), TTL 86400s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:103ms

SPF Analysis

SPF Record:
v=spf1 include:spf.protection.outlook.com -all

Network Security

Port scanning and network exposure analysis.

Score: 20/100

High-Risk Service Exposed: RPC [HIGH]
Port 135/tcp (Windows RPC endpoint mapper) is reachable from the internet on 217.198.121.206. The endpoint mapper lets anyone enumerate registered RPC and DCOM interfaces and is a standard reconnaissance and lateral-movement target; a public web server has no reason to expose it. Block it at the perimeter or host firewall, and check that the same filtering covers SMB (139/445) and the other Windows management ports. If the address is a shared hosting node (the profiwh.* name servers suggest a hosting provider), raise it with the provider.

🔧 Technical Analysis

Detailed technical findings and analysis from AI assessment.

Additional Findings

The website is built on ASP.NET WebForms with Bootstrap for responsive design and jQuery for client-side scripting. It uses Google Fonts and Font Awesome for typography and icons. The presence of multiple country-specific domains suggests a multi-site architecture likely managed via a CMS platform, possibly Kentico or a similar .NET CMS. Performance is moderate with asynchronous loading of analytics scripts and use of CDN-hosted resources. Mobile optimization is good, with responsive menus and layouts. Accessibility is basic but could be improved with ARIA roles and better keyboard navigation support. SEO is supported by meta descriptions and structured navigation. Technical risks include reliance on older JavaScript libraries and potential CMS vulnerabilities if not regularly updated. Hosting details are not explicit but likely Windows-based given the technology stack.