Security Directory

H

Hammerite Nederland

hammerite.nl

0

Hammerite Nederland is a medium-sized manufacturing and retail company specializing in metal protection coatings and paints, operating primarily in the Netherlands. The website serves as a product showcase and e-commerce platform, supported by WooCommerce and WordPress, with a focus on consumer and professional markets seeking metal protection solutions. The site is branded under the parent company AkzoNobel, indicating a strong market position in the coatings industry. Technically, the website employs common web technologies including jQuery, Google Tag Manager, Facebook Pixel, and OneTrust for cookie consent, but suffers from slow load times and lacks a valid SSL certificate, impacting security and user trust. Security posture is weak due to missing HTTPS and security headers, although privacy compliance is supported by clear privacy and cookie policies with consent mechanisms. Overall, the site is professional and trustworthy but requires urgent improvements in security infrastructure to protect user data and enhance credibility.

Landitec GmbH is a specialized B2B technology company based in Germany, offering high-quality network hardware appliances and related services across Europe. Their business model combines e-commerce with consulting, testing, and support services, targeting enterprises and organizations requiring secure and flexible network infrastructure. The website is built on the Odoo CMS platform and hosted on Odoo.sh, featuring a professional design with clear navigation and multilingual support. However, the site lacks a valid SSL certificate, resulting in no HTTPS protection, which significantly impacts its security posture. While cookie consent mechanisms and privacy policies are present, explicit security policies and incident response information are missing. The company demonstrates trust through extended warranties, partner logos, and detailed product testing.

V

VIENNA SIGHTSEEING TOURS

viennasightseeing.at

0

Viennasightseeing.at is a medium-sized tourism and transportation business specializing in guided sightseeing tours, hop-on-hop-off bus services, day trips, and sightseeing passes in Vienna, Austria. The company positions itself as a market leader in Vienna's sightseeing tour sector, targeting tourists seeking convenient and flexible travel experiences. The website is built on TYPO3 CMS and integrates modern marketing and tracking tools such as Google Tag Manager, Trustpilot, and Usercentrics for consent management. However, the site suffers from critical security issues including an invalid SSL certificate, lack of HTTPS enforcement, and a subdomain takeover vulnerability on its shop subdomain. These issues significantly impact the site's security posture and trustworthiness. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR consent mechanisms. Overall, the site offers good content quality and user experience but requires urgent security improvements to protect user data and maintain business credibility.

U

Universitätsklinikum Hamburg-Eppendorf

uke.de

0

The Universitätsklinikum Hamburg-Eppendorf (UKE) is a leading European university hospital specializing in healthcare, research, and education. The website reflects a comprehensive digital presence with extensive information about clinics, institutes, research programs, patient services, and educational offerings. The site targets patients, medical professionals, researchers, and students, positioning UKE as a major healthcare and research institution in Germany. Technically, the site uses established libraries like jQuery and Modernizr, and employs Matomo for privacy-conscious analytics. However, the absence of a valid SSL certificate and modern TLS protocols significantly impacts the security posture. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. The site demonstrates high professionalism and trustworthiness but requires urgent improvements in security infrastructure to protect user data and enhance trust.

The website hfmt-hamburg.de currently serves a 404 error page indicating that no site configuration is found, suggesting the site is either offline or not properly configured. The site is powered by TYPO3 CMS and hosted on infrastructure associated with Technische Universität Hamburg. There is no accessible business content, contact information, or policies available, which severely limits the ability to assess the business or its services. Technically, the site lacks a valid SSL certificate and does not support HTTPS, exposing it to security risks. The absence of security headers and modern TLS protocols further weakens its security posture. Overall, the site is not operational from a user or security perspective, resulting in a very low trust and quality rating.

H

Hochschule für bildende Künste Hamburg (HFBK Hamburg)

hfbk-hamburg.de

0

The website represents the Hochschule für bildende Künste Hamburg (HFBK Hamburg), a medium-sized public art university in Germany focused on fine arts education, exhibitions, and research. It targets prospective and current students, artists, and the art community with comprehensive content on academic programs, events, and projects. The site is professionally designed with consistent branding and rich content, supporting an excellent user experience and clear navigation. Technically, the site uses a modern JavaScript stack including jQuery, Masonry, and Klaro for cookie consent, but lacks a valid SSL certificate, resulting in insecure HTTP connections. Security headers are well configured but ineffective without HTTPS. Privacy compliance is partially addressed with a privacy policy and cookie consent mechanism, though GDPR compliance is not fully evident. The site uses Matomo analytics with user consent. Overall, the security posture is weak due to missing HTTPS, which is a critical issue. The site is accessible without WAF or blocking mechanisms.

V

vitrado

vitrado.de

0

vitrado.de operates as an inhouse affiliate marketing network primarily serving the freenet Group's portfolio of digital lifestyle and telecommunications products. The platform targets affiliate marketers and partners seeking to promote these products through various partner programs and marketing tools. The website presents a professional and consistent brand image aligned with its parent company, freenet Group, and offers a range of partner programs including waipu.tv, klarmobil, and freenet Mobile among others. Technically, the site leverages JavaScript, CSS, and SVG technologies with Cloudflare DNS and hosting, but suffers from slow load times and lacks modern security configurations such as a valid SSL certificate and HTTPS support. Security posture is weak due to missing HTTPS, absent security headers, and disabled DNSSEC, exposing the site to potential risks. Privacy compliance is minimal with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Overall, the site is functional and content-rich but requires urgent security and privacy improvements to enhance trust and compliance.

F

freenet DLS GmbH

freenet-mobilfunk.de

0

Freenet DLS GmbH operates a comprehensive German telecommunications website offering mobile phone tariffs, devices, and related digital services. The company targets German consumers seeking flexible mobile plans and devices, positioning itself as a significant player in the German telecom market. The website features structured data with detailed company information and social media presence, supporting brand credibility and customer engagement. Technically, the site employs modern JavaScript frameworks, Cloudflare CDN, and personalization tools like Kameleoon, but suffers from critical SSL/TLS misconfigurations that undermine secure HTTPS access. Security headers are partially implemented, but the lack of a valid SSL certificate and disabled TLS protocols represent major vulnerabilities. Privacy and cookie policies are not detected, indicating compliance gaps. Overall, the site is functional and professionally designed but requires urgent security improvements to protect user data and comply with regulations.

A

Arvato Systems

arvato-systems.de

0

Arvato Systems is a leading German IT service provider specializing in digital transformation across multiple industries including energy, manufacturing, healthcare, retail, government, and finance. The company offers a broad portfolio of services such as consulting, cloud and data center services, application development, security, and managed services. It holds multiple industry awards and certifications, including ISO 27001 and Top Employer Germany 2024, reflecting its strong market position and commitment to quality and security. Technically, the website is built on CoreMedia CMS and integrates various analytics and marketing technologies, but suffers from a critical lack of valid SSL/TLS certificates, impacting its security posture. Privacy compliance is well addressed with comprehensive cookie consent mechanisms and GDPR-aligned privacy policies. Overall, the company demonstrates a mature digital presence with strong business credibility but needs urgent improvements in SSL/TLS security to protect user data and maintain trust.

Arvato is an enterprise-level company specializing in innovative supply chain management, logistics, transport management, and digital solutions primarily targeting B2B clients in the transportation sector. The website presents a professional and comprehensive digital presence with multilingual support and detailed service offerings. Technically, the site is built on TYPO3 CMS with modern frontend tooling but suffers from slow load times and lacks a valid SSL certificate, impacting security posture. The security configuration is basic, with no HTTPS enabled and missing security headers, although privacy compliance is well managed through Cookiebot consent mechanisms. Overall, the site is trustworthy and professional but requires urgent improvements in security infrastructure to protect user data and enhance trust.

Arvato is a large enterprise specializing in innovative supply chain management, logistics, and e-commerce solutions primarily serving B2B clients. The company operates globally with a strong presence in Poland and multiple related domains indicating a broad international footprint. Their website is built on TYPO3 CMS and integrates modern technologies such as Vite JS and Cookiebot for consent management. Despite a professional design and comprehensive content, the site suffers from an invalid SSL certificate, resulting in a basic security posture. Cookie consent and privacy policies are well implemented, reflecting good GDPR compliance. The site uses Google Analytics and advertising networks for tracking and marketing purposes. Overall, Arvato presents a credible and professional business front but should urgently address SSL and security header issues to improve trust and security.

Arvato SE operates as a global enterprise specializing in innovative supply chain management, logistics, transport management, and digital solutions, targeting B2B clients with a focus on e-commerce and omnichannel distribution. The website reflects a mature digital presence with multilingual support and comprehensive content showcasing their services and success stories. Technically, the site is built on TYPO3 CMS with modern frontend tooling but suffers from a critical lack of HTTPS, impacting security posture significantly. Cookie consent is robustly managed via Cookiebot, ensuring GDPR compliance and user privacy controls. However, the absence of a valid SSL certificate and security headers exposes the site to risks and reduces trustworthiness. Overall, the site is professional and content-rich but requires urgent security improvements to align with best practices.

Arvato SE operates a comprehensive supply chain management and e-commerce logistics platform targeting enterprise clients primarily in Spain and internationally. The website showcases a professional and well-structured digital presence powered by TYPO3 CMS and modern frontend technologies. Key services include supply chain management, logistics and fulfillment, transportation management, and digital solutions. The company demonstrates strong branding consistency and trust indicators such as client logos and social media presence. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly impacts its security posture. Privacy compliance is well addressed with a comprehensive cookie policy and consent mechanism via Cookiebot. Overall, the site is content-rich and user-friendly but requires urgent security improvements to protect user data and enhance trust.

Arvato SE operates a comprehensive supply chain and logistics service platform with a strong focus on innovative digital solutions and e-commerce support. The company targets business clients seeking holistic supply chain management, logistics, transport, and digital commerce solutions. The website reflects a large enterprise with international reach, supported by multiple regional domains and a parent company affiliation with Bertelsmann. Technically, the site is built on TYPO3 CMS with modern frontend tooling but suffers from a lack of HTTPS, resulting in a critical security gap. Cookie consent is managed professionally via Cookiebot, and analytics are extensively used with Google services. The security posture is weak due to missing SSL and security headers, which poses risks to user data and trust. Overall, the website is professionally designed and content-rich but requires urgent security improvements to meet modern standards.

Arvato SE operates as a global third-party logistics provider specializing in supply chain management, logistics & fulfillment, transport management, and digital solutions. The company targets businesses in e-commerce and B2B sectors, offering scalable and innovative logistics services. The website demonstrates a strong market presence with multiple localized domains and partner sites, reflecting a large enterprise with a global footprint. Technically, the site is built on TYPO3 CMS with modern frontend tooling and integrates Cookiebot for GDPR-compliant cookie management. However, the main domain suffers from an invalid SSL certificate, impacting security posture. While no critical vulnerabilities are detected, the lack of HTTPS and security headers lowers the overall security score. Privacy compliance is well addressed with clear cookie consent and privacy policies. The website is professionally designed, mobile-optimized, and provides clear navigation and business information, though direct contact emails and phone numbers are not exposed publicly. Strategic improvements in SSL configuration and security headers are recommended to enhance trust and security.

Arvato is a large enterprise specializing in innovative supply chain management, logistics, transport, and digital commerce solutions primarily targeting B2B clients. The website is professionally designed, multilingual, and powered by TYPO3 CMS with modern frontend technologies. However, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly impacts its security posture. Security headers are mostly present, but critical SSL/TLS configurations and session management features are missing. Privacy compliance is well addressed with a comprehensive privacy and cookie policy and consent mechanisms. Business credibility is strong with clear branding, client logos, and social media presence. Overall, the site is content-rich and user-friendly but requires urgent security improvements to protect user data and enhance trust.

Investing in Place is a small non-profit organization focused on leveraging public spaces in Los Angeles to improve quality of life for residents. The organization acts as an independent voice in local politics, advocating for better budgeting and planning of sidewalks, streets, and public spaces. Their key services include policy advocacy, public engagement, and research reporting. The website reflects a professional and consistent brand with clear messaging targeted at local stakeholders and community members. Technically, the website is built on WordPress using Elementor and WooCommerce plugins, hosted by DreamHost. While the site has a good design and user experience, it suffers from slow performance and lacks advanced SEO and accessibility features. The absence of a valid SSL certificate and modern TLS protocols is a significant security concern, exposing users to risks and undermining trust. Security posture is weak due to missing HTTPS, lack of security headers, and no evident privacy or cookie policies. Analytics are implemented via Google Analytics and Jetpack, but privacy compliance is poor with no GDPR indicators. Contact information is limited to an email address and a contact form, with no phone or physical address provided. Overall, the site is functional and informative but requires urgent improvements in security and privacy compliance to enhance trustworthiness and protect user data.

The website sierraclub.org is currently inaccessible due to a Web Application Firewall (WAF) security mechanism implemented by Incapsula, which blocks direct content access and presents an incident ID iframe instead of the actual website content. Consequently, no meaningful business, contact, or policy information could be extracted or analyzed. The DNS configuration shows standard multiple A records and Google MX mail servers, but the SSL/TLS configuration is critically lacking with no valid certificate and no enabled secure protocols, resulting in a very weak security posture. The site lacks any visible privacy, cookie, or terms of service policies, and no contact or social media information is available from the provided HTML content. Overall, the site’s digital presence is severely limited by the security blocking, preventing a full assessment of its business or technical maturity.

S

Sunrise Movement LA

sunrisemovementla.org

0

Sunrise Movement LA is a youth-led environmental justice organization focused on combating climate change and promoting the Green New Deal within the Greater Los Angeles area. The organization operates as a grassroots non-profit movement, recruiting young activists and engaging the community through events, political advocacy, and educational efforts. Their digital presence is built on the Squarespace platform, leveraging modern web technologies and integrating social media and donation platforms to facilitate engagement and fundraising. The website is well designed with clear navigation and mobile optimization, though performance metrics suggest room for improvement. Security posture is adequate with HTTPS and some security headers, but lacks advanced configurations such as full HSTS and DMARC for email protection. Privacy compliance is weak due to the absence of privacy and cookie policies, which poses regulatory risks. Overall, the website reflects a credible and professional organization with moderate trustworthiness but requires enhancements in privacy and security policies to strengthen compliance and user trust.

B

Bertelsmann SE & Co. KGaA

bertelsmann.de

0

Bertelsmann SE & Co. KGaA is a leading international media conglomerate headquartered in Germany, operating across multiple sectors including broadcasting, book publishing, music, services, printing, education, and investments. The website reflects a mature corporate presence with comprehensive information targeting investors, journalists, job seekers, and the general public. The business model is diversified with strong subsidiaries such as RTL Group and Penguin Random House, positioning Bertelsmann as a major player in the global media industry. Technically, the website employs established web technologies like Bootstrap and jQuery, with content delivery via Amazon CloudFront CDN, ensuring good performance and mobile optimization. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture. Security headers are partially implemented, but critical HTTPS and TLS configurations are missing, exposing the site to potential risks. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent managed by Cookiebot. Contact information and social media presence are clearly provided, enhancing business credibility. Overall, the site is professional and content-rich but requires urgent security improvements to meet modern standards.

V

Valmet

jamesbury.com

0

Valmet's Jamesbury brand website presents a comprehensive offering of high-performance valves and automation solutions targeted at industrial sectors such as pulp & paper, energy, and chemical processing. The site reflects a mature enterprise with a strong market position, emphasizing product reliability, safety, and efficiency. Technically, the website employs modern web technologies including jQuery, Bootstrap, and Microsoft Azure monitoring tools, hosted on a secure TLS 1.3 enabled infrastructure. Security posture is solid with proper email authentication (SPF, DMARC) and no evident vulnerabilities, though improvements like enabling HSTS and DNSSEC are recommended. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates high professionalism, good user experience, and trustworthy business credibility.

C

Chatbot

linda-chatbot.de

0

The website linda-chatbot.de appears to be a chatbot service associated with the Sparkasse brand, indicating a financial services context in Germany. However, the site content is currently inaccessible beyond a simple error message indicating a domain or service issue, which severely limits the ability to assess the business comprehensively. The technical infrastructure shows use of React framework and external font resources from Sparkasse's webfonts domain, but the site suffers from very slow load times and minimal content. Security posture is weak due to the absence of a valid SSL certificate and HTTPS support, lack of security headers, and missing DNS security configurations. No privacy, cookie, or terms of service policies are present, and no contact or business information is available on the page. Overall, the site is not currently functional or trustworthy for end users.

The website sparkassen-mediacenter.de serves as a centralized media management platform primarily targeting the Sparkassen-Finanzgruppe, a major financial group in Germany. It offers a suite of services including video content management, podcasts, interactive videos, and playlist creation, aimed at enhancing digital content distribution within the group's online platforms. The platform is positioned as an internal tool to streamline media content handling and ensure secure access to both public and internal video assets. Technically, the site is built on a traditional Apache server with standard HTML, CSS, and JavaScript assets. However, it lacks modern security infrastructure, notably missing a valid SSL/TLS certificate and HTTPS support, which significantly undermines its security posture. The site includes multiple JavaScript libraries and CSS bundles but does not leverage modern frameworks or CMS platforms. Security headers are partially implemented, but critical HTTPS and TLS configurations are absent. Privacy compliance is minimal, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Contact information is limited to a phone number and support ticket instructions, with no email addresses or social media presence. Overall, the site demonstrates moderate business credibility and good content relevance but suffers from critical security shortcomings that must be addressed to protect user data and maintain trust.

L

Leibniz-Rechenzentrum der Bayerischen Akademie der Wissenschaften

lrz.de

0

The Leibniz-Rechenzentrum (LRZ) is a large, well-established IT service provider dedicated to supporting scientific research and education primarily in Bavaria, Germany. It offers a broad portfolio of advanced IT services including supercomputing, AI and Big Data infrastructure, networking via the Munich Science Network (MWN), IT security, cloud storage, and consulting. The LRZ is positioned as a key regional player with strong partnerships and a focus on cutting-edge technologies. Technically, the website is built on TYPO3 CMS and demonstrates good content quality, navigation, and accessibility, though performance is moderate. Security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS protocols, which is a critical issue. Privacy compliance is adequate with a clear privacy policy but lacks cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent improvements in security to protect user data and enhance trust.

C

Cuprinol

cuprinol.co.uk

0

Cuprinol.co.uk is a retail website specializing in wood treatment and exterior wood protection products, including their flagship Cuprinol Ducksback range. The site targets homeowners and gardening enthusiasts in the United Kingdom, offering a variety of garden shades and protective products. The business operates under the parent company AkzoNobel, a recognized entity in the coatings and chemicals industry. The website presents a professional and consistent brand image with good content quality and clear navigation, catering well to its target audience. Technically, the website is built using modern web technologies such as React and Next.js, with integrations for marketing and analytics tools like Google Tag Manager and Marketo. However, the site suffers from slow load times and lacks a valid SSL certificate, which impacts both user experience and security posture. Mobile optimization is good, but accessibility features are basic. From a security perspective, the absence of HTTPS and security headers is a critical vulnerability, exposing users to potential risks. No explicit security policies or incident response information is available, which may affect trust and compliance. Privacy and cookie policies are present and include consent mechanisms, indicating reasonable privacy compliance. Overall, the website is functional and professionally presented but requires urgent improvements in security infrastructure, particularly SSL implementation and security headers, to enhance trustworthiness and compliance.

A

Austrian Business Agency

investinaustria.at

0

The Austrian Business Agency operates the website investinaustria.at to promote Austria as a prime investment destination. It provides comprehensive information and free consulting services to international investors and companies interested in establishing or expanding their business in Austria. The agency emphasizes Austria's innovation, research capabilities, skilled workforce, and stable economic environment. Technically, the website is built on modern frameworks including TYPO3 CMS and Nuxt.js, hosted behind Cloudflare for performance and security. The SSL certificate is valid but lacks advanced HTTPS security headers like HSTS. Privacy compliance is partially addressed with a clear privacy policy but lacks a cookie consent mechanism. Contact information and social media presence are well established, enhancing business credibility. Overall, the site is professional, content-rich, and user-friendly, suitable for its government agency role.

D

Deka Investments

deka-investments.de

0

Deka Investments is a prominent German asset management company offering professional investment and retirement solutions primarily targeting private customers. The website reflects a strong market position with comprehensive services including funds, certificates, savings plans, and wealth management, supported by multiple industry awards and a close affiliation with the Sparkassen-Finanzgruppe. The digital infrastructure leverages modern JavaScript frameworks such as Vue.js and integrates analytics and marketing tools like Google Tag Manager and eGain Chat, providing a good user experience with clear navigation and mobile optimization. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, which is a critical issue for a financial services website. Privacy and cookie policies are well implemented with GDPR compliance and consent mechanisms in place. Contact information is clearly presented with multiple channels including phone, contact forms, and chat. Overall, the website is professional and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure communications and maintain user trust.

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 13 security findings identified across all modules.

N

Next Big Idea Club

nextbigideaclub.com

0

Next Big Idea Club operates as a subscription-based nonfiction book club curated by renowned authors, targeting readers and professionals seeking curated knowledge. The platform offers physical book deliveries, digital content via a mobile app, and exclusive community engagement opportunities. Technically, the site is built on WordPress, hosted on AWS infrastructure, and integrates multiple marketing and analytics tools such as Mixpanel, Google Tag Manager, and ProfitWell. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, representing a critical security vulnerability. The absence of a cookie consent mechanism and minimal security headers further weaken its security posture. Business credibility is supported by strong branding, testimonials, and social media presence, but privacy compliance could be improved. Overall, the site provides good content and user experience but requires urgent security enhancements.

N

NoStress Commerce s.r.o.

nostresscommerce.cz

0

Koongo, operated by NoStress Commerce s.r.o., is a mature SaaS platform specializing in product feed management and marketplace integrations for e-commerce sellers. The company offers extensive integrations with over 500 sales channels and supports numerous e-commerce platforms, positioning itself as a comprehensive solution for online sellers seeking to expand their marketplace presence. The website content is professionally designed, rich in detail, and targets online sellers and businesses requiring automated order and inventory synchronization. Technically, the site is built on WordPress with a modern tech stack including jQuery, Google Analytics, and Intercom, hosted on Forpsi infrastructure. However, the absence of a valid SSL certificate and lack of TLS protocol support represent critical security weaknesses. While security headers and content security policies are partially implemented, the site’s security posture is significantly impacted by the missing HTTPS, which is a fundamental requirement for secure web operations. Privacy compliance is well addressed with clear privacy and cookie policies, consent mechanisms, and GDPR alignment. Overall, the site demonstrates strong business credibility and user experience but requires urgent security improvements to protect user data and maintain trust.

L

L-Bank

l-bank.info

0

L-Bank is the state development bank of Baden-Württemberg, Germany, providing financial support and services to businesses, municipalities, and individuals within the region. The bank focuses on economic development, housing promotion, family support, education, and social initiatives. It holds a strong market position as a regional government-backed financial institution with a history dating back to 1924. The website reflects a mature digital presence with modern technologies such as Vue.js and Hippo CMS, delivering excellent user experience and accessibility. Security posture is robust with HTTPS, comprehensive security headers, and cookie consent mechanisms, although some improvements like OCSP stapling and HSTS preload could enhance security further. Privacy compliance is well addressed with clear policies and consent management. Overall, the site demonstrates high professionalism, trustworthiness, and business credibility.

S

Sparkasse Saarbrücken

sparkasse-saarbruecken.de

0

Sparkasse Saarbrücken operates as a regional financial institution providing a broad range of banking and financial services to private and business customers. The website offers comprehensive online banking, credit products, investment options, insurance, and real estate services, positioning itself as a trusted and award-winning bank in Germany. The digital presence is well-structured, targeting both private and corporate clients with clear navigation and service offerings. Technically, the site uses modern web technologies and likely a robust CMS platform, delivering a good user experience with mobile optimization and accessibility features. Security posture is strong with HTTPS, SPF, and DMARC policies in place, though improvements such as DNSSEC and HSTS could enhance protection. Privacy compliance is well addressed with explicit cookie consent and detailed privacy policies. Overall, the website reflects a mature digital infrastructure supporting a large financial institution with a high level of professionalism and trust.

K

Koongo

koongo.dk

0

Koongo is a Danish-based SaaS company specializing in product feed management and multi-channel marketplace integration for online sellers. The platform supports over 500 sales channels including Amazon, eBay, and Google Shopping, enabling sellers to synchronize product data and orders automatically. Koongo positions itself as a cost-effective and user-friendly solution with extensive e-commerce platform integrations and a strong customer support reputation. The website is professionally designed, multilingual, and includes comprehensive business and contact information. Technically, the site is built on WordPress with modern JavaScript libraries and analytics tools, but suffers from a critical lack of valid SSL/TLS configuration, exposing it to security risks. Security headers are partially implemented, and privacy compliance is well addressed with cookie consent mechanisms and a detailed privacy policy. Overall, Koongo demonstrates a mature digital presence but must urgently address SSL issues to improve security posture and trust.

K

Koongo

koongo.gr

0

Koongo is a medium-sized e-commerce SaaS provider specializing in product feed management and marketplace integration, enabling online sellers to automate synchronization of product data and orders across multiple sales channels. The company is positioned as a trusted provider with a comprehensive service offering, including integrations with major marketplaces like Amazon and eBay, and supports over 500 sales channels. Technically, the website is built on WordPress with modern analytics and marketing tools, but lacks a valid SSL certificate, which impacts security posture significantly. Security headers and cookie consent mechanisms are properly implemented, reflecting good privacy compliance. However, the absence of HTTPS and modern TLS protocols is a critical vulnerability that must be addressed to improve trust and security. Overall, the site is content-rich, professionally designed, and provides clear business and contact information, supporting a positive user experience and business credibility.

K

Koongo

koongo.it

0

Koongo is a medium-sized e-commerce software company specializing in product feed management and marketplace integration services. Their platform enables online sellers to automate product listings, synchronize inventory and orders across multiple sales channels, and optimize marketplace operations. Positioned as a comprehensive solution provider, Koongo supports over 500 sales channels and integrates with major e-commerce platforms such as Shopify, Magento, WooCommerce, and others. The company is based in Prague, Czech Republic, and operates under the parent company NoStress Commerce s.r.o. Their website reflects a professional and consistent brand image with good content quality and user experience, targeting online sellers seeking multi-channel sales automation. Technically, the website is built on WordPress CMS with a modern tech stack including jQuery, Google Analytics, Intercom, and Bing Ads integrations. However, the site suffers from slow page load times and lacks a valid SSL certificate, which impacts security and user trust. Cookie consent mechanisms and privacy policies are well implemented, demonstrating GDPR compliance. The site uses multiple tracking and advertising tools, indicating extensive user tracking for marketing purposes. Security-wise, the absence of a valid SSL certificate and missing security headers are significant weaknesses. DNS security features like DNSSEC and CAA are not enabled, and email security via DMARC is missing. Despite these gaps, no critical vulnerabilities or malware indicators were found. The overall security posture is basic and requires urgent improvements to protect user data and enhance trust. In summary, Koongo presents a solid business offering with a mature digital presence but needs to address critical security deficiencies to improve its overall risk profile and user confidence. Strategic investments in SSL/TLS, security headers, and DNS/email security will elevate their security posture and compliance standing.

K

Koongo

koongo.es

0

Koongo is a SaaS platform specializing in product feed management and multi-channel marketplace integration for online sellers. The company offers extensive integrations with over 500 sales channels including Amazon, eBay, and Google Shopping, enabling sellers to synchronize inventory, automate order processing, and optimize product data. Positioned as a reliable and scalable solution, Koongo targets e-commerce businesses seeking to expand their online presence efficiently. The website is professionally designed with clear navigation and multilingual support, primarily in Spanish, and includes trust signals such as customer testimonials and third-party review badges. Technically, the site is built on WordPress with modern JavaScript libraries and integrates multiple analytics and marketing tools. However, the lack of a valid SSL certificate and HTTPS implementation is a critical security shortfall that undermines user trust and data protection. Privacy compliance is well addressed with comprehensive cookie consent mechanisms and a detailed privacy policy. Overall, Koongo demonstrates a solid business and technical foundation but requires urgent improvements in security infrastructure to meet industry standards.

K

Koongo

koongo.de

0

Koongo is a medium-sized e-commerce technology company specializing in product feed management and multi-channel marketplace integration. The company offers a SaaS platform that enables online sellers to synchronize product data, inventory, and orders across over 500 sales channels including Amazon, eBay, and Google Shopping. Koongo positions itself as a comprehensive solution provider with integrations to numerous e-commerce platforms such as Magento, Shopify, WooCommerce, and others. The website is professionally designed, content-rich, and targets e-commerce businesses seeking to expand their online sales footprint efficiently. Technically, the site is built on WordPress with a modern tech stack including jQuery, Google Analytics, and Intercom for customer engagement. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall that undermines user trust and data protection. The site implements a detailed cookie consent mechanism and complies with GDPR requirements, reflecting a strong privacy posture. Overall, Koongo demonstrates a solid market presence with good business credibility but requires urgent improvements in its security infrastructure to meet industry standards.

K

Koongo

koongo.nl

0

Koongo is a medium-sized e-commerce technology company based in the Netherlands, owned by NoStress Commerce s.r.o. It provides a SaaS platform for product feed management and order synchronization across over 500 online marketplaces including Amazon, eBay, and Google Shopping. The website is professionally designed, content-rich, and targets online sellers seeking to expand multi-channel sales efficiently. Technically, the site runs on WordPress with modern JavaScript libraries and integrates multiple analytics and marketing tools. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the business demonstrates strong market positioning and trust signals but must urgently address security shortcomings to protect user data and maintain credibility.

B

Bildungswerk der Sächsischen Wirtschaft

bsw-sachsen.de

0

Bildungswerk der Sächsischen Wirtschaft is a well-established educational organization focused on vocational training and professional development in the Saxony region of Germany. With over 30 years of experience and multiple subsidiaries, it offers a broad portfolio of services including further education, training seminars, and integration courses. The organization targets companies, employees, job seekers, and schools, positioning itself as a key regional player in workforce qualification and development. Technically, the website is built on TYPO3 CMS with modern frontend frameworks like Bootstrap and includes SEO-friendly structured data and social media integration. However, the site suffers from a critical security weakness due to the absence of a valid SSL certificate, resulting in an insecure connection and lack of HTTPS enforcement. Other security best practices such as security headers, DNSSEC, and DMARC are also missing. Privacy compliance is addressed with a cookie consent mechanism and clear privacy and cookie policies. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

C

Calls for Transfer

callsfortransfer.de

0

Calls for Transfer (C4T) is a specialized funding program based in Hamburg, Germany, designed to support innovative projects emerging from the city's state universities and scientific research institutions. The program offers up to 35,000 Euro in funding for a 12-month project period, aiming to facilitate the transfer of knowledge and technology from academia to practical applications. The website presents a professional and well-structured portal with clear navigation, targeting researchers and innovators in Hamburg. Technically, the site is built on WordPress with popular plugins such as Elementor and LayerSlider, but it suffers from critical security shortcomings including the absence of a valid SSL certificate and disabled TLS protocols, which significantly impact its security posture. Privacy compliance is well addressed with a cookie consent mechanism and links to privacy and terms of service hosted on the parent organization's domain. Overall, while the business and content aspects are strong, the lack of HTTPS and modern security configurations pose a significant risk that should be urgently addressed.

C

csad.cz

csad.cz

0

The website csad.cz appears to represent a transportation-related business, likely a bus or transport service based in the Czech Republic. However, the website content is extremely minimal, consisting only of a placeholder text with an IP address and no meaningful business or contact information. The technical infrastructure is outdated, running Apache 2.2.15 and PHP 5.6.11, with no SSL certificate installed, resulting in an unsecured HTTP-only site. There are no modern web technologies or CMS detected, and no performance or SEO optimizations are evident. Security posture is weak due to lack of HTTPS, missing security headers, and outdated software, exposing the site to potential risks. Privacy and compliance policies are absent, and no contact or incident response information is provided, limiting trust and credibility. Overall, the site is poorly maintained and lacks essential features for a professional online presence.

O

Ost-Ausschuss der Deutschen Wirtschaft e.V.

ost-ausschuss.de

0

The Ost-Ausschuss der Deutschen Wirtschaft e.V. is a medium-sized non-profit association based in Germany that facilitates economic cooperation and business relations between German companies and Eastern European and Central Asian markets. The organization provides services such as policy advocacy, networking events, delegations, and publishes relevant economic updates and reports. The website is professionally designed using Drupal 10 and integrates modern web technologies and analytics tools, targeting business stakeholders and policymakers. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which significantly weakens its security posture. Privacy and cookie policies are present and include consent mechanisms, reflecting good compliance with GDPR requirements. Contact information is clearly provided, enhancing business credibility.

B

Bundesverband der Deutschen Industrie e.V.

bdi.eu

0

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 21 security findings identified across all modules.

V

VPG Vienna PASS GmbH

viennapass.de

0

VPG Vienna PASS GmbH operates the Vienna Pass website, offering sightseeing passes for tourists visiting Vienna. The business provides two main products: the Vienna PASS with access to up to 90 attractions and the Flexi PASS with a flexible number of visits. The website is built on TYPO3 CMS and integrates modern marketing and payment technologies such as Google Tag Manager, Usercentrics for consent management, and Adyen for payments. The site demonstrates good content quality, clear navigation, and mobile optimization, targeting tourists and culture enthusiasts. However, the website suffers from critical security issues due to the absence of a valid SSL certificate and lack of HTTPS support, which significantly impacts its security posture and trustworthiness. Privacy and cookie policies are present and GDPR compliant, with active social media engagement and trust signals like Trustpilot and money-back guarantees enhancing business credibility.

W

WienTourismus

viennacitycard.at

0

The website viennacitycard.at serves as the official platform for the Vienna City Card, a tourism product offering public transport access and discounts in Vienna. It is operated by WienTourismus and targets tourists seeking convenient mobility and sightseeing benefits. The site features a modern TYPO3 CMS infrastructure with Alpine.js for interactivity, hosted behind Cloudflare. While the site is content-rich, well-branded, and professionally designed with good mobile optimization and accessibility, it suffers from a critical security issue: the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which significantly impacts the security posture. Privacy compliance is strong, with a clear privacy policy, cookie consent via Usercentrics, and GDPR adherence. The site integrates Matomo analytics and Google Tag Manager for tracking, balanced with user privacy controls. Overall, the site is trustworthy and professional but requires urgent SSL/TLS remediation to ensure secure user interactions.

O

ODAV AG - Lehrinstitut für Informatik

odav-lehrinstitut.de

0

ODAV AG - Lehrinstitut für Informatik is a well-established educational institution based in Straubing, Germany, specializing in IT training and professional development. With over 40 years of experience, it offers a variety of courses, firm seminars, and funding options targeting IT professionals and companies seeking to enhance digital competencies. The website reflects a professional and content-rich platform with clear navigation, testimonials, and detailed course information. Technically, the site uses Apache server, jQuery, Bootstrap, and a proprietary ODAV CMS, with Matomo analytics integrated under cookie consent management. However, the absence of a valid SSL certificate and lack of HTTPS support significantly weaken its security posture. Security headers are partially implemented, but critical improvements are needed to ensure secure communications and compliance. Overall, the site is trustworthy and user-friendly but requires urgent security enhancements to protect user data and improve trust.

M

Madri Lab

madrilab.com.br

0

Madri Lab is a Brazilian company specializing in multimedia services with a strong focus on educational technology, particularly hosting and customizing Moodle-based EAD platforms. Their market position is that of a niche service provider offering tailored solutions for educational institutions and corporate clients seeking to enhance their online learning environments. The website demonstrates a professional approach with good content quality and clear navigation, targeting Portuguese-speaking audiences in Brazil. Technically, the site is built on WordPress with Elementor and Yoast SEO, but lacks critical security features such as HTTPS, which significantly impacts its security posture. The absence of an SSL certificate and security headers exposes the site to risks and undermines user trust. Privacy compliance is basic, with privacy and terms pages present but no cookie consent mechanism detected. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance credibility.

E

Expert EAD

aulaoead.com.br

0

Expert EAD is a specialized online education platform focused on LMS Moodle training, offering a comprehensive catalog of over 30 courses ranging from beginner to advanced levels. The platform targets educators, LMS administrators, developers, and IT professionals, providing certification and practical learning outcomes. The website is built on WordPress with Elementor and integrates marketing and analytics tools such as Google Analytics and Facebook Pixel. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security concern. Cookie consent mechanisms are implemented, but privacy policies and terms of service are not found, indicating potential compliance gaps. Business information is clearly presented, including parent company details and social media presence, enhancing credibility.

A

Agritech Lavrale S.A. - Divisão Lavrale

lavrale.com.br

0

Agritech Lavrale S.A. - Divisão Lavrale is a Brazilian manufacturing company specializing in agricultural machinery and components, with a legacy of approximately 50 years. The company offers a broad range of products including agricultural implements, cabines, military trailers, and spare parts, targeting agricultural workers and farmers. Their market position is established with a consistent brand presence and active social media engagement. Technically, the website is built on a custom or unknown CMS, served by an Apache server, and uses common web technologies such as JavaScript, Google Fonts, and Google Maps API. However, the site lacks HTTPS, which severely impacts its security posture. Security headers are minimal and some are disabled, indicating a need for significant improvements in security practices. Privacy and cookie policies are absent, which raises compliance concerns. Overall, the website provides good content quality and user experience but suffers from critical security and privacy shortcomings.

L

Lintec Ind. Com. de Motores e Equip. Movim. Materiais Ltda.

lintecmotores.com.br

0

Lintec Motores is a Brazilian company specializing in the manufacturing and distribution of energy generators, including diesel and gasoline models, as well as related equipment such as motobombas and motors. It operates as a subsidiary of Agrale S.A., leveraging the parent company's certification and quality standards to position itself as a provider of cost-effective and robust energy solutions primarily for the Brazilian market. The website serves as a platform for product information, distributor location, and post-sales support, targeting customers seeking reliable energy generation equipment. Technically, the website employs a traditional technology stack including nginx web server, jQuery libraries, Google Analytics, and Google reCAPTCHA for form security. However, it lacks modern security implementations such as HTTPS, valid SSL certificates, and advanced security headers, which exposes users to potential risks. The site shows basic mobile optimization and accessibility features but suffers from slow performance and outdated libraries. From a security perspective, the absence of HTTPS and TLS protocols is a critical vulnerability. While the site includes comprehensive privacy and cookie policies compliant with GDPR principles, it lacks explicit terms of service, security policies, and incident response contacts. The cookie consent mechanism is implemented via Popupsmart, providing users with control over cookie preferences. Overall, the security posture is weak and requires urgent improvements to protect user data and enhance trust. The overall risk assessment indicates a medium risk level due to missing HTTPS and outdated technologies. Strategic recommendations include immediate SSL implementation, upgrading security headers, modernizing the tech stack, and enhancing transparency with clear security and incident response policies to improve user trust and compliance.