Security Directory

N

NoStress Commerce s.r.o.

nostresscommerce.cz

0

Koongo, operated by NoStress Commerce s.r.o., is a mature SaaS platform specializing in product feed management and marketplace integrations for e-commerce sellers. The company offers extensive integrations with over 500 sales channels and supports numerous e-commerce platforms, positioning itself as a comprehensive solution for online sellers seeking to expand their marketplace presence. The website content is professionally designed, rich in detail, and targets online sellers and businesses requiring automated order and inventory synchronization. Technically, the site is built on WordPress with a modern tech stack including jQuery, Google Analytics, and Intercom, hosted on Forpsi infrastructure. However, the absence of a valid SSL certificate and lack of TLS protocol support represent critical security weaknesses. While security headers and content security policies are partially implemented, the site’s security posture is significantly impacted by the missing HTTPS, which is a fundamental requirement for secure web operations. Privacy compliance is well addressed with clear privacy and cookie policies, consent mechanisms, and GDPR alignment. Overall, the site demonstrates strong business credibility and user experience but requires urgent security improvements to protect user data and maintain trust.

L

L-Bank

l-bank.info

0

L-Bank is the state development bank of Baden-Württemberg, Germany, providing financial support and services to businesses, municipalities, and individuals within the region. The bank focuses on economic development, housing promotion, family support, education, and social initiatives. It holds a strong market position as a regional government-backed financial institution with a history dating back to 1924. The website reflects a mature digital presence with modern technologies such as Vue.js and Hippo CMS, delivering excellent user experience and accessibility. Security posture is robust with HTTPS, comprehensive security headers, and cookie consent mechanisms, although some improvements like OCSP stapling and HSTS preload could enhance security further. Privacy compliance is well addressed with clear policies and consent management. Overall, the site demonstrates high professionalism, trustworthiness, and business credibility.

S

Sparkasse Saarbrücken

sparkasse-saarbruecken.de

0

Sparkasse Saarbrücken operates as a regional financial institution providing a broad range of banking and financial services to private and business customers. The website offers comprehensive online banking, credit products, investment options, insurance, and real estate services, positioning itself as a trusted and award-winning bank in Germany. The digital presence is well-structured, targeting both private and corporate clients with clear navigation and service offerings. Technically, the site uses modern web technologies and likely a robust CMS platform, delivering a good user experience with mobile optimization and accessibility features. Security posture is strong with HTTPS, SPF, and DMARC policies in place, though improvements such as DNSSEC and HSTS could enhance protection. Privacy compliance is well addressed with explicit cookie consent and detailed privacy policies. Overall, the website reflects a mature digital infrastructure supporting a large financial institution with a high level of professionalism and trust.

K

Koongo

koongo.dk

0

Koongo is a Danish-based SaaS company specializing in product feed management and multi-channel marketplace integration for online sellers. The platform supports over 500 sales channels including Amazon, eBay, and Google Shopping, enabling sellers to synchronize product data and orders automatically. Koongo positions itself as a cost-effective and user-friendly solution with extensive e-commerce platform integrations and a strong customer support reputation. The website is professionally designed, multilingual, and includes comprehensive business and contact information. Technically, the site is built on WordPress with modern JavaScript libraries and analytics tools, but suffers from a critical lack of valid SSL/TLS configuration, exposing it to security risks. Security headers are partially implemented, and privacy compliance is well addressed with cookie consent mechanisms and a detailed privacy policy. Overall, Koongo demonstrates a mature digital presence but must urgently address SSL issues to improve security posture and trust.

K

Koongo

koongo.gr

0

Koongo is a medium-sized e-commerce SaaS provider specializing in product feed management and marketplace integration, enabling online sellers to automate synchronization of product data and orders across multiple sales channels. The company is positioned as a trusted provider with a comprehensive service offering, including integrations with major marketplaces like Amazon and eBay, and supports over 500 sales channels. Technically, the website is built on WordPress with modern analytics and marketing tools, but lacks a valid SSL certificate, which impacts security posture significantly. Security headers and cookie consent mechanisms are properly implemented, reflecting good privacy compliance. However, the absence of HTTPS and modern TLS protocols is a critical vulnerability that must be addressed to improve trust and security. Overall, the site is content-rich, professionally designed, and provides clear business and contact information, supporting a positive user experience and business credibility.

K

Koongo

koongo.it

0

Koongo is a medium-sized e-commerce software company specializing in product feed management and marketplace integration services. Their platform enables online sellers to automate product listings, synchronize inventory and orders across multiple sales channels, and optimize marketplace operations. Positioned as a comprehensive solution provider, Koongo supports over 500 sales channels and integrates with major e-commerce platforms such as Shopify, Magento, WooCommerce, and others. The company is based in Prague, Czech Republic, and operates under the parent company NoStress Commerce s.r.o. Their website reflects a professional and consistent brand image with good content quality and user experience, targeting online sellers seeking multi-channel sales automation. Technically, the website is built on WordPress CMS with a modern tech stack including jQuery, Google Analytics, Intercom, and Bing Ads integrations. However, the site suffers from slow page load times and lacks a valid SSL certificate, which impacts security and user trust. Cookie consent mechanisms and privacy policies are well implemented, demonstrating GDPR compliance. The site uses multiple tracking and advertising tools, indicating extensive user tracking for marketing purposes. Security-wise, the absence of a valid SSL certificate and missing security headers are significant weaknesses. DNS security features like DNSSEC and CAA are not enabled, and email security via DMARC is missing. Despite these gaps, no critical vulnerabilities or malware indicators were found. The overall security posture is basic and requires urgent improvements to protect user data and enhance trust. In summary, Koongo presents a solid business offering with a mature digital presence but needs to address critical security deficiencies to improve its overall risk profile and user confidence. Strategic investments in SSL/TLS, security headers, and DNS/email security will elevate their security posture and compliance standing.

K

Koongo

koongo.es

0

Koongo is a SaaS platform specializing in product feed management and multi-channel marketplace integration for online sellers. The company offers extensive integrations with over 500 sales channels including Amazon, eBay, and Google Shopping, enabling sellers to synchronize inventory, automate order processing, and optimize product data. Positioned as a reliable and scalable solution, Koongo targets e-commerce businesses seeking to expand their online presence efficiently. The website is professionally designed with clear navigation and multilingual support, primarily in Spanish, and includes trust signals such as customer testimonials and third-party review badges. Technically, the site is built on WordPress with modern JavaScript libraries and integrates multiple analytics and marketing tools. However, the lack of a valid SSL certificate and HTTPS implementation is a critical security shortfall that undermines user trust and data protection. Privacy compliance is well addressed with comprehensive cookie consent mechanisms and a detailed privacy policy. Overall, Koongo demonstrates a solid business and technical foundation but requires urgent improvements in security infrastructure to meet industry standards.

K

Koongo

koongo.de

0

Koongo is a medium-sized e-commerce technology company specializing in product feed management and multi-channel marketplace integration. The company offers a SaaS platform that enables online sellers to synchronize product data, inventory, and orders across over 500 sales channels including Amazon, eBay, and Google Shopping. Koongo positions itself as a comprehensive solution provider with integrations to numerous e-commerce platforms such as Magento, Shopify, WooCommerce, and others. The website is professionally designed, content-rich, and targets e-commerce businesses seeking to expand their online sales footprint efficiently. Technically, the site is built on WordPress with a modern tech stack including jQuery, Google Analytics, and Intercom for customer engagement. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall that undermines user trust and data protection. The site implements a detailed cookie consent mechanism and complies with GDPR requirements, reflecting a strong privacy posture. Overall, Koongo demonstrates a solid market presence with good business credibility but requires urgent improvements in its security infrastructure to meet industry standards.

K

Koongo

koongo.nl

0

Koongo is a medium-sized e-commerce technology company based in the Netherlands, owned by NoStress Commerce s.r.o. It provides a SaaS platform for product feed management and order synchronization across over 500 online marketplaces including Amazon, eBay, and Google Shopping. The website is professionally designed, content-rich, and targets online sellers seeking to expand multi-channel sales efficiently. Technically, the site runs on WordPress with modern JavaScript libraries and integrates multiple analytics and marketing tools. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the business demonstrates strong market positioning and trust signals but must urgently address security shortcomings to protect user data and maintain credibility.

B

Bildungswerk der Sächsischen Wirtschaft

bsw-sachsen.de

0

Bildungswerk der Sächsischen Wirtschaft is a well-established educational organization focused on vocational training and professional development in the Saxony region of Germany. With over 30 years of experience and multiple subsidiaries, it offers a broad portfolio of services including further education, training seminars, and integration courses. The organization targets companies, employees, job seekers, and schools, positioning itself as a key regional player in workforce qualification and development. Technically, the website is built on TYPO3 CMS with modern frontend frameworks like Bootstrap and includes SEO-friendly structured data and social media integration. However, the site suffers from a critical security weakness due to the absence of a valid SSL certificate, resulting in an insecure connection and lack of HTTPS enforcement. Other security best practices such as security headers, DNSSEC, and DMARC are also missing. Privacy compliance is addressed with a cookie consent mechanism and clear privacy and cookie policies. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

C

Calls for Transfer

callsfortransfer.de

0

Calls for Transfer (C4T) is a specialized funding program based in Hamburg, Germany, designed to support innovative projects emerging from the city's state universities and scientific research institutions. The program offers up to 35,000 Euro in funding for a 12-month project period, aiming to facilitate the transfer of knowledge and technology from academia to practical applications. The website presents a professional and well-structured portal with clear navigation, targeting researchers and innovators in Hamburg. Technically, the site is built on WordPress with popular plugins such as Elementor and LayerSlider, but it suffers from critical security shortcomings including the absence of a valid SSL certificate and disabled TLS protocols, which significantly impact its security posture. Privacy compliance is well addressed with a cookie consent mechanism and links to privacy and terms of service hosted on the parent organization's domain. Overall, while the business and content aspects are strong, the lack of HTTPS and modern security configurations pose a significant risk that should be urgently addressed.

C

csad.cz

csad.cz

0

The website csad.cz appears to represent a transportation-related business, likely a bus or transport service based in the Czech Republic. However, the website content is extremely minimal, consisting only of a placeholder text with an IP address and no meaningful business or contact information. The technical infrastructure is outdated, running Apache 2.2.15 and PHP 5.6.11, with no SSL certificate installed, resulting in an unsecured HTTP-only site. There are no modern web technologies or CMS detected, and no performance or SEO optimizations are evident. Security posture is weak due to lack of HTTPS, missing security headers, and outdated software, exposing the site to potential risks. Privacy and compliance policies are absent, and no contact or incident response information is provided, limiting trust and credibility. Overall, the site is poorly maintained and lacks essential features for a professional online presence.

O

Ost-Ausschuss der Deutschen Wirtschaft e.V.

ost-ausschuss.de

0

The Ost-Ausschuss der Deutschen Wirtschaft e.V. is a medium-sized non-profit association based in Germany that facilitates economic cooperation and business relations between German companies and Eastern European and Central Asian markets. The organization provides services such as policy advocacy, networking events, delegations, and publishes relevant economic updates and reports. The website is professionally designed using Drupal 10 and integrates modern web technologies and analytics tools, targeting business stakeholders and policymakers. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which significantly weakens its security posture. Privacy and cookie policies are present and include consent mechanisms, reflecting good compliance with GDPR requirements. Contact information is clearly provided, enhancing business credibility.

B

Bundesverband der Deutschen Industrie e.V.

bdi.eu

0

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 21 security findings identified across all modules.

V

VPG Vienna PASS GmbH

viennapass.de

0

VPG Vienna PASS GmbH operates the Vienna Pass website, offering sightseeing passes for tourists visiting Vienna. The business provides two main products: the Vienna PASS with access to up to 90 attractions and the Flexi PASS with a flexible number of visits. The website is built on TYPO3 CMS and integrates modern marketing and payment technologies such as Google Tag Manager, Usercentrics for consent management, and Adyen for payments. The site demonstrates good content quality, clear navigation, and mobile optimization, targeting tourists and culture enthusiasts. However, the website suffers from critical security issues due to the absence of a valid SSL certificate and lack of HTTPS support, which significantly impacts its security posture and trustworthiness. Privacy and cookie policies are present and GDPR compliant, with active social media engagement and trust signals like Trustpilot and money-back guarantees enhancing business credibility.

W

WienTourismus

viennacitycard.at

0

The website viennacitycard.at serves as the official platform for the Vienna City Card, a tourism product offering public transport access and discounts in Vienna. It is operated by WienTourismus and targets tourists seeking convenient mobility and sightseeing benefits. The site features a modern TYPO3 CMS infrastructure with Alpine.js for interactivity, hosted behind Cloudflare. While the site is content-rich, well-branded, and professionally designed with good mobile optimization and accessibility, it suffers from a critical security issue: the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which significantly impacts the security posture. Privacy compliance is strong, with a clear privacy policy, cookie consent via Usercentrics, and GDPR adherence. The site integrates Matomo analytics and Google Tag Manager for tracking, balanced with user privacy controls. Overall, the site is trustworthy and professional but requires urgent SSL/TLS remediation to ensure secure user interactions.

O

ODAV AG - Lehrinstitut für Informatik

odav-lehrinstitut.de

0

ODAV AG - Lehrinstitut für Informatik is a well-established educational institution based in Straubing, Germany, specializing in IT training and professional development. With over 40 years of experience, it offers a variety of courses, firm seminars, and funding options targeting IT professionals and companies seeking to enhance digital competencies. The website reflects a professional and content-rich platform with clear navigation, testimonials, and detailed course information. Technically, the site uses Apache server, jQuery, Bootstrap, and a proprietary ODAV CMS, with Matomo analytics integrated under cookie consent management. However, the absence of a valid SSL certificate and lack of HTTPS support significantly weaken its security posture. Security headers are partially implemented, but critical improvements are needed to ensure secure communications and compliance. Overall, the site is trustworthy and user-friendly but requires urgent security enhancements to protect user data and improve trust.

M

Madri Lab

madrilab.com.br

0

Madri Lab is a Brazilian company specializing in multimedia services with a strong focus on educational technology, particularly hosting and customizing Moodle-based EAD platforms. Their market position is that of a niche service provider offering tailored solutions for educational institutions and corporate clients seeking to enhance their online learning environments. The website demonstrates a professional approach with good content quality and clear navigation, targeting Portuguese-speaking audiences in Brazil. Technically, the site is built on WordPress with Elementor and Yoast SEO, but lacks critical security features such as HTTPS, which significantly impacts its security posture. The absence of an SSL certificate and security headers exposes the site to risks and undermines user trust. Privacy compliance is basic, with privacy and terms pages present but no cookie consent mechanism detected. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance credibility.

E

Expert EAD

aulaoead.com.br

0

Expert EAD is a specialized online education platform focused on LMS Moodle training, offering a comprehensive catalog of over 30 courses ranging from beginner to advanced levels. The platform targets educators, LMS administrators, developers, and IT professionals, providing certification and practical learning outcomes. The website is built on WordPress with Elementor and integrates marketing and analytics tools such as Google Analytics and Facebook Pixel. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security concern. Cookie consent mechanisms are implemented, but privacy policies and terms of service are not found, indicating potential compliance gaps. Business information is clearly presented, including parent company details and social media presence, enhancing credibility.

A

Agritech Lavrale S.A. - Divisão Lavrale

lavrale.com.br

0

Agritech Lavrale S.A. - Divisão Lavrale is a Brazilian manufacturing company specializing in agricultural machinery and components, with a legacy of approximately 50 years. The company offers a broad range of products including agricultural implements, cabines, military trailers, and spare parts, targeting agricultural workers and farmers. Their market position is established with a consistent brand presence and active social media engagement. Technically, the website is built on a custom or unknown CMS, served by an Apache server, and uses common web technologies such as JavaScript, Google Fonts, and Google Maps API. However, the site lacks HTTPS, which severely impacts its security posture. Security headers are minimal and some are disabled, indicating a need for significant improvements in security practices. Privacy and cookie policies are absent, which raises compliance concerns. Overall, the website provides good content quality and user experience but suffers from critical security and privacy shortcomings.

L

Lintec Ind. Com. de Motores e Equip. Movim. Materiais Ltda.

lintecmotores.com.br

0

Lintec Motores is a Brazilian company specializing in the manufacturing and distribution of energy generators, including diesel and gasoline models, as well as related equipment such as motobombas and motors. It operates as a subsidiary of Agrale S.A., leveraging the parent company's certification and quality standards to position itself as a provider of cost-effective and robust energy solutions primarily for the Brazilian market. The website serves as a platform for product information, distributor location, and post-sales support, targeting customers seeking reliable energy generation equipment. Technically, the website employs a traditional technology stack including nginx web server, jQuery libraries, Google Analytics, and Google reCAPTCHA for form security. However, it lacks modern security implementations such as HTTPS, valid SSL certificates, and advanced security headers, which exposes users to potential risks. The site shows basic mobile optimization and accessibility features but suffers from slow performance and outdated libraries. From a security perspective, the absence of HTTPS and TLS protocols is a critical vulnerability. While the site includes comprehensive privacy and cookie policies compliant with GDPR principles, it lacks explicit terms of service, security policies, and incident response contacts. The cookie consent mechanism is implemented via Popupsmart, providing users with control over cookie preferences. Overall, the security posture is weak and requires urgent improvements to protect user data and enhance trust. The overall risk assessment indicates a medium risk level due to missing HTTPS and outdated technologies. Strategic recommendations include immediate SSL implementation, upgrading security headers, modernizing the tech stack, and enhancing transparency with clear security and incident response policies to improve user trust and compliance.

N

newco.es

newco.es

0

The website newco.es currently serves only a minimal HTML page that immediately redirects visitors to a /lander path. There is no substantive content, metadata, or business information available on the root page. DNS records show the domain is registered and has valid A records, but lacks DNSSEC and CAA records. The SPF record is restrictive, disallowing all mail sending. Critically, the site lacks a valid SSL certificate and does not support HTTPS, exposing it to security risks and reducing trustworthiness. No privacy, cookie, or terms of service policies are present, and no contact or company information is available. Overall, the digital maturity of the site is very low, with poor technical implementation and security posture.

T

TÜV NORD

tuev-nord.de

0

TÜV NORD is a well-established enterprise-level company specializing in safety, certification, and training services across multiple sectors including energy, transportation, real estate, healthcare, and technology. The website presents a professional and consistent brand image with comprehensive content targeting both private and business customers. The technical infrastructure is based on TYPO3 CMS with integration of modern marketing and analytics tools, though performance metrics indicate room for improvement. Security posture is weakened by the absence of a valid SSL certificate and HTTPS, which is a critical issue. Privacy compliance is well addressed with consent management and GDPR-aligned policies. Overall, the site is trustworthy but requires urgent security enhancements to protect user data and improve trust.

S

Stahlinstitut VDEh

vdeh.de

0

Stahlinstitut VDEh is a German-based institute specializing in steel technology, offering services such as seminars, standardization, membership, and publications. The website targets industry professionals and members within the steel manufacturing sector. The business model revolves around providing educational and industry services to its members and stakeholders. Technically, the website is built on PHP 7.4.33 with nginx and uses common frontend libraries like Bootstrap and jQuery. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. The site is moderately optimized for mobile and has a good design and navigation structure but suffers from slow DNS resolution and no caching headers that could improve performance. Security posture is weak due to missing HTTPS, lack of advanced security headers, and no cookie consent mechanism. Privacy compliance is minimal with a privacy policy present but no explicit GDPR compliance or cookie consent. Business credibility is moderate with clear branding and professional content but lacks direct contact information and certifications. Overall, the site scores low on security and privacy compliance, which should be prioritized to improve trust and user safety.

F

freenet Internet

freenet-internet.de

0

freenet Internet is a German telecommunications provider specializing in flexible internet tariffs that can be managed entirely via a mobile app. Their offerings include DSL and 5G internet services with monthly cancellable contracts, targeting customers who value freedom and simplicity. The website is built on modern JavaScript frameworks (Nuxt.js and Vue.js) and hosted on Amazon Web Services infrastructure, leveraging CloudFront CDN for content delivery. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security concern. The presence of SPF and DMARC records indicates some email security awareness, but no advanced security headers or mechanisms are implemented. Privacy and terms of service documents are present and appear comprehensive, but no cookie consent mechanism is detected. Overall, the site provides good content quality and user experience but requires urgent improvements in security posture to protect users and enhance trust.

D

DIZ | Digitales Innovationszentrum GmbH

digitalhub-ai.de

0

Digital Hub Applied Artificial Intelligence Karlsruhe is a regional technology ecosystem hub focused on advancing artificial intelligence and cybersecurity in Karlsruhe, Germany. It serves as a network facilitator offering services such as events, workshops, startup programs, and expert access to foster innovation and collaboration. The website presents a professional and consistent brand image targeting businesses and individuals interested in AI and cybersecurity. Technically, the site is built on the Contao CMS platform, using Apache server and common web libraries like jQuery and Leaflet. However, the site lacks a valid SSL certificate and modern TLS support, which significantly impacts its security posture. Security headers are present but insufficient without proper HTTPS. Privacy compliance is partially addressed with a cookie consent mechanism and a privacy policy page, but GDPR compliance indicators and incident response information are missing. Overall, the site demonstrates moderate digital maturity with room for improvement in security and privacy practices.

P

Page Not Found

bertelsmann-investments.com

0

The website bertelsmann-investments.com currently serves only a 404 error page indicating that no site configuration is found. There is no accessible business content, contact information, or policies available on the site. The site is powered by TYPO3 CMS but lacks a valid SSL certificate and does not support HTTPS, resulting in a poor security posture. The DNS configuration shows hosting and mail services linked to arvato-systems.de and servicemail24.de respectively, but no further business details are exposed. Overall, the site is non-functional from a user and business perspective, with minimal technical implementation and no privacy or compliance features.

B

BMG Rights Management GmbH

bmg.com

0

BMG Rights Management GmbH operates as a global music publishing and record company, providing a broad range of services to music creators including publishing, recordings, and sync licensing. Positioned as a longtime home for artists and songwriters, BMG leverages a global network combined with innovative technology to empower its clients. The company is a division of the global media conglomerate Bertelsmann, indicating a strong market presence and enterprise scale. The website reflects a professional and consistent brand image targeting music industry professionals and creators. Technically, the site uses modern JavaScript libraries, Google Analytics for tracking, and a consent management platform to comply with privacy regulations. However, the hosting infrastructure appears to be Google Cloud Storage with DNS managed by Arvato Systems. Security posture is weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical risk. Privacy compliance is well addressed with visible policies and consent mechanisms. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and trust.

B

Bertelsmann

createyourowncareer.de

0

Bertelsmann's Create Your Own Career website serves as a comprehensive career portal targeting students, graduates, professionals, and school students interested in opportunities within the Bertelsmann group. The site highlights multiple divisions and offers detailed information on programs, events, and job listings, positioning Bertelsmann as a large multinational media and services conglomerate with a strong employer brand. Technically, the site is built on TYPO3 CMS, hosted likely by Arvato Systems, and integrates modern marketing and consent tools such as Google Analytics, Google Tag Manager, and CookieFirst. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and HTTPS support, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements.

S

SIDN fonds : een sterk internet voor iedereen

sidnfonds.nl

0

SIDN fonds is a Dutch non-profit organization dedicated to supporting innovative internet projects that contribute to a safer and more inclusive internet. With over 400 projects funded since 2015, it holds a strong position within the Dutch internet community, focusing on themes such as cybersecurity, digital accessibility, and public values. The website provides comprehensive information about its mission, funding opportunities, and supported projects, targeting innovators and organizations involved in internet initiatives. Technically, the website is hosted on Google Cloud infrastructure using OpenResty as the web server. It employs a robust Content Security Policy and integrates multiple analytics and marketing tools including Piwik PRO and Google Analytics. The site is mobile-optimized with good accessibility and SEO practices. However, a critical security gap is the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly impacts the security posture. Security-wise, while several security headers are implemented, the lack of HTTPS and disabled TLS protocols expose the site to risks such as data interception and man-in-the-middle attacks. No explicit security or incident response policies are published, and no vulnerability disclosure mechanisms are evident. Privacy and cookie policies are present and appear comprehensive, supporting GDPR compliance. Overall, the site is professionally designed and content-rich but requires urgent improvements in SSL/TLS deployment to enhance security and trustworthiness. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing security headers to protect users and data effectively.

A

Aalto-yliopisto

aalto.fi

0

Aalto-yliopisto is a leading multidisciplinary university in Finland specializing in technology, business, and arts. The website reflects a mature digital presence with comprehensive content targeting students, researchers, staff, and partners. It offers extensive information on education programs, research initiatives, events, and community engagement. The site is multilingual and well-branded, emphasizing sustainability and innovation. Technically, the site is built on Drupal 10 CMS, leveraging modern JavaScript libraries, CDN caching via Fastly, and integrates analytics and consent management tools such as Google Tag Manager and Cookiebot. The site is mobile-optimized, accessible, and SEO-friendly, with fast loading times and clear navigation. Security posture is strong with HTTPS enforced, valid SSL certificates, and multiple security headers. However, DNSSEC and CAA records are not implemented, which could enhance DNS security. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is available but lacks explicit security incident response contacts. Overall, the website presents a low-risk profile with strong business credibility and technical maturity. Strategic recommendations include enhancing DNS security, publishing vulnerability disclosure information, and improving incident response transparency.

I

Inland Southern California Climate Collaborative

iscclimatecollaborative.org

0

The Inland Southern California Climate Collaborative (ISC3) is a regional, cross-sectoral network focused on advancing equitable climate resilience solutions in Inland Southern California. The organization facilitates collaboration among agencies, organizations, and institutions to address climate risks such as heat, drought, and wildfires. The website serves as an informational platform providing resources, membership information, and regional climate reports. Technically, the site is built on WordPress with common plugins and libraries but suffers from a lack of a valid SSL certificate, resulting in insecure HTTP connections. Security posture is weak due to missing HTTPS, lack of security headers, and absence of email authentication DNS records. Privacy compliance is minimal, with no privacy or cookie policies detected. Business credibility is moderate, supported by university facilitation and government partnerships, but could be improved with more transparent policies and contact information. Overall, the site is functional and content-rich but requires significant security and privacy improvements to enhance trust and compliance.

E

EnviroMetro

envirometro.org

0

EnviroMetro is a small non-profit coalition focused on advocating for green, equitable, and healthy transportation policies in Los Angeles. The coalition collaborates with Metro and other organizations to influence transportation investment priorities and has played a key role in shaping regional ballot measures. The website is built on WordPress and uses common plugins such as Yoast SEO and MailChimp for marketing and analytics. While the site provides useful content and contact information, it lacks critical security features such as a valid SSL certificate and security headers, which exposes visitors to risks. Additionally, privacy and cookie policies are absent, indicating compliance gaps. The site’s performance is slow, and technical implementation could be improved to enhance user experience and security.

C

Climate Resolve

climateplans.la

0

Climate Plans Los Angeles is a small, niche advocacy and informational website focused on promoting climate-conscious community planning within the City of Los Angeles. The site provides resources and information about local community plan areas and encourages integration of climate considerations into urban development. Technically, the site is built on WordPress with Elementor and uses common web technologies such as jQuery and Bootstrap. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. The absence of privacy and cookie policies, as well as contact information, further reduces trust and compliance posture. Tracking technologies like Facebook Pixel and Google Analytics are present, indicating moderate user tracking without clear privacy disclosures. Overall, the site is functional but basic in content quality and technical implementation, with significant security and privacy gaps that should be addressed to improve user trust and regulatory compliance.

C

Climate Resolve

coolestinla.org

0

Climate Resolve is a well-established non-profit organization focused on climate advocacy and community engagement in Los Angeles. Their flagship event, Coolest in LA, celebrates 15 years of climate action and brings together leaders, advocates, and sponsors to promote sustainable solutions. The website is professionally designed using WordPress and Elementor, with good SEO and social media integration. The technical infrastructure leverages modern web technologies and Cloudflare for hosting and CDN services, ensuring good performance and availability. Security posture is adequate with HTTPS and valid SSL, but could be improved by enabling HSTS and DNSSEC. Privacy compliance is limited due to the absence of explicit privacy and cookie policies. Contact information is clearly provided, including obfuscated emails and a phone number. Overall, the site presents a credible and trustworthy image for a medium-sized non-profit organization.

P

Project Liberty LLC

thepeoplesbid.com

0

The People's Bid for TikTok is an initiative led by Project Liberty LLC aiming to create a consortium to purchase TikTok and migrate it to a decentralized platform that empowers users with control over their data. The website positions itself as a movement to reclaim digital rights and reshape social media governance. Technically, the site is built on Webflow, hosted on AWS infrastructure, and uses Matomo for analytics, indicating a moderate level of digital maturity. However, the site suffers from critical security shortcomings, including the absence of a valid SSL certificate and HTTPS protocols, lack of security headers, and no cookie consent mechanism, which significantly impact its security posture. Privacy policies and terms of service are present but basic, and contact information is limited to an email address. Overall, the site presents a professional and consistent brand image with good content quality but requires urgent security improvements to protect users and build trust.

M

Munich Urban Colab GmbH

munich-urban-colab.de

0

Munich Urban Colab GmbH operates a prominent innovation and coworking space in Munich, Germany, focused on developing and testing solutions for the future city through interdisciplinary and cross-sector collaboration. Positioned as one of Europe's largest startup centers, it serves startups, entrepreneurs, researchers, and public sector entities with services including coworking spaces, event venues, and community building. The website reflects a professional and well-branded digital presence with strong partnerships from major corporations and academic institutions. Technically, the site uses modern JavaScript modules, animation libraries, and a cookie consent management platform, but suffers from slow load times and lacks a valid SSL certificate, which impacts security posture. Security practices are basic, with no security headers or HSTS enabled, and no incident response or vulnerability disclosure policies found. Privacy compliance is good, with a clear privacy policy and cookie consent mechanism. Overall, the site is trustworthy and professional but requires urgent improvements in SSL and security configurations to enhance user trust and compliance.

G

GoDaddy, LLC

unternehmertum-vc.de

0

The domain unternehmertum-vc.de is currently a parked domain managed by GoDaddy, with no active business content or services hosted. The site primarily serves as a placeholder offering the domain for sale. The technical infrastructure is basic, relying on standard JavaScript and CSS with embedded third-party widgets for cookie consent (TrustArc) and customer reviews (Trustpilot). The site lacks a valid SSL certificate, resulting in no HTTPS support, which significantly impacts its security posture. No security headers or advanced domain security configurations such as DMARC, DNSSEC, or CAA records are present. Privacy compliance is minimal but includes a cookie consent mechanism via TrustArc. Overall, the website quality is poor with slow load times and minimal content, reflecting its parked status rather than an operational business site.

B

BCS Eventos

bcseventos.com.br

0

BCS Eventos is a Brazilian company specializing in intelligent solutions for events such as fairs, congresses, and shows. Established in 1997, it has served over 1,000 events and offers a comprehensive event management platform called SIGEVENT, alongside technical support and equipment rental services. The company targets event organizers and managers, positioning itself as an experienced and reliable provider in the event technology sector. Technically, the website is hosted on KingHost with an Apache server and uses modern JavaScript libraries and Google Fonts, but lacks HTTPS security and advanced security headers. The site is professionally designed with good content quality and navigation, though performance data is limited. Security posture is weak due to missing SSL certificate and security headers, posing risks to user data and trust. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Overall, the website is functional and professional but requires significant security improvements to enhance trust and compliance.

A

Attention Required! | Cloudflare

argoenergia.com.br

0

The website argoenergia.com.br is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) blocking page, preventing access to any substantive content. As a result, no direct business information, metadata, or contact details are available for analysis. The domain is associated with the energy sector in Brazil based on the domain extension and DNS records, but no further business insights can be derived from the blocked content. The technical infrastructure includes Cloudflare protection, a valid SSL certificate with basic configuration, and DNS records with SPF and DMARC policies indicating some email security measures. However, the absence of DNSSEC and CAA records suggests room for improvement in DNS security. Performance metrics indicate a slow load time, likely due to the WAF challenge page. Security posture is moderate due to HTTPS and email authentication but lacks advanced security headers and HSTS enforcement. Overall, the site’s security and compliance posture cannot be fully assessed due to the blocking mechanism.

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 11 security findings identified across all modules.

L

Landitec GmbH

scope7.de

0

scope7.de is the online presence of Landitec GmbH's scope7® brand, specializing in hardware appliances tailored for open source solutions such as OPNsense®, flexiWAN, IPFire, Untangle®, and FRRouting. The company positions itself as a provider of powerful, cost-effective, and ready-to-use hardware platforms that are pre-installed with popular open source firewall and routing software. Their market position is strengthened by official certifications and partnerships, notably as an OPNsense Platinum Partner and flexiWAN certified hardware provider. The website reflects a professional and consistent brand image targeting businesses and professionals seeking vendor-independent open source security appliances. Technically, the site is built on Joomla CMS with modern frontend libraries and extensions, delivering good performance and mobile optimization. Security posture is solid with HTTPS enforced, HSTS header present, and no detected SSL vulnerabilities, though improvements like OCSP stapling and DNSSEC could enhance security further. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism, aligning with GDPR requirements. Contact information is available with a clear company phone number and contact forms, supporting business credibility. Overall, the website demonstrates a mature digital presence with strong business and security fundamentals.

G

Gaia-X 4 Future Mobility

gaia-x4futuremobility.de

0

Gaia-X 4 Future Mobility is a collaborative project family focused on developing and implementing future mobility applications based on the Gaia-X initiative. It is funded by the German Federal Ministry for Economic Affairs and Climate Action and coordinated by the DLR Institute for AI Security. The initiative involves about 80 participants from industry and research, aiming to build an open, decentralized data and service ecosystem for mobility. The website provides detailed information about the six constituent projects, their goals, participants, and related initiatives. Technically, the site is built on the Webflow platform, uses Google Fonts and jQuery, and is hosted on a CDN. However, the site lacks a valid SSL certificate and does not enforce HTTPS, which is a critical security concern. Privacy and terms of service pages are present, but no cookie consent mechanism is detected. Overall, the site is professionally designed with good content relevance and navigation but requires urgent security improvements.

H

Hochschule Ruhr West

hs-ruhrwest.de

0

Hochschule Ruhr West is a public university of applied sciences located in the Ruhr region of Germany, with campuses in Mülheim an der Ruhr and Bottrop. The institution offers a broad range of degree programs including bachelor, master, part-time, and dual studies, alongside active research and transfer activities. The website reflects a well-established regional educational institution with a clear focus on accessibility, student services, and cooperation with industry and society. The target audience includes prospective and current students, academic staff, and business partners. Technically, the website employs modern web technologies including JavaScript, CSS, and Cookiebot for cookie consent management, and integrates Google Tag Manager for analytics and marketing. The content management system appears to be Ibexa, supporting a structured and navigable site architecture. Performance is moderate with a page load time of approximately 6 seconds and a page size of about 335 KB. The site is mobile-optimized and accessible with good SEO practices. From a security perspective, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical vulnerability impacting user trust and data protection. No modern TLS protocols or security headers are detected, and HSTS is not enabled. DNS records show proper SPF and DMARC configurations, which help mitigate email spoofing risks. Cookie consent is implemented comprehensively, supporting GDPR compliance. However, no explicit security policy or incident response information is found. Overall, the website is professionally designed and content-rich but suffers from significant security shortcomings due to the absence of HTTPS. Strategic improvements in SSL deployment, security headers, and incident response transparency are recommended to enhance trust and compliance.

Z

ZENIT GmbH (Konsortialführerin), NRW.BANK (Konsortialpartnerin), NRW.Global Business GmbH, IHK NRW e.V.

nrweuropa.de

0

NRW.Europa is a regional representation of the Enterprise Europe Network in North Rhine-Westphalia, Germany, providing comprehensive support for internationalization, innovation, and funding to SMEs and research institutions. The website is built on TYPO3 CMS and features professional design, clear navigation, and multilingual support. However, the site lacks a valid SSL certificate and modern TLS protocols, which significantly impacts its security posture. While privacy compliance is well addressed through a cookie consent mechanism and a comprehensive privacy policy, the absence of HTTPS and other security headers poses risks. The site maintains active content with news and event calendars, reinforcing its credibility and engagement with its audience. Strategic improvements in SSL deployment and security configurations are critical to enhance trust and compliance.

J

Jugend will sich-er-leben (JWSL)

jwsl.de

0

Jugend will sich-er-leben (JWSL) is a German non-profit prevention program focused on occupational safety and health for apprentices. It provides educational materials, competitions, and media resources primarily targeting vocational schools, teachers, and training companies. The program is affiliated with the statutory accident insurance and the DGUV, positioning it as a recognized entity in the education and government sectors within Germany. Technically, the website is built on TYPO3 CMS with modern frontend frameworks like Bootstrap and uses Video.js for media playback. However, the site suffers from a critical security deficiency as it lacks a valid SSL certificate and does not support HTTPS, exposing users to potential risks. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy, but no terms of service or incident response contacts are found. Overall, the site offers good content and user experience but requires urgent security improvements.

B

Berufsgenossenschaft Rohstoffe und Chemische Industrie

bgrci.de

0

Berufsgenossenschaft Rohstoffe und Chemische Industrie (BG RCI) is a statutory accident insurance institution in Germany serving sectors such as mining, chemical industry, paper manufacturing, leather, sugar, and construction materials. The organization provides accident insurance, prevention, rehabilitation, and consulting services focused on occupational safety and health. The website targets entrepreneurs and insured members within these industries, offering information, publications, and access to online services such as a member portal. The site is built on TYPO3 CMS and uses modern JavaScript libraries and Matomo for analytics, indicating a moderate level of digital maturity. However, the website suffers from a critical security deficiency due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential data interception risks. Privacy compliance is well addressed with a comprehensive privacy policy and GDPR adherence, but cookie consent mechanisms are missing. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

B

Berufsgenossenschaft Energie Textil Elektro Medienerzeugnisse (BG ETEM)

bgetem.de

0

Berufsgenossenschaft Energie Textil Elektro Medienerzeugnisse (BG ETEM) is a German statutory accident insurance institution serving sectors including energy, textiles, electronics, and media. The organization provides prevention, rehabilitation, compensation, and member services to insured companies and individuals. The website reflects a well-structured, content-rich platform targeting employers, insured persons, and safety professionals with comprehensive information and resources. Technically, the site is built on the Plone CMS with Bootstrap and jQuery, integrating Matomo analytics and Cookiefirst for consent management. However, the site lacks HTTPS encryption, which is a critical security deficiency. No security headers or modern TLS protocols are configured, exposing the site to potential risks. Privacy and legal compliance are well addressed with clear policies and cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and ensure compliance with modern standards.

B

BG Verkehr

bg-verkehr.de

0

BG Verkehr is a German statutory accident insurance institution specializing in transportation and logistics sectors. The website provides comprehensive information about insurance coverage, prevention, rehabilitation, and training services tailored for employees and companies in these industries. The site targets German-speaking users and serves as an official communication channel for BG Verkehr's services and updates. Technically, the website is built on the Plone CMS platform, utilizing modern frontend libraries such as Bootstrap and Font Awesome, and integrates Piwik/Matomo for analytics and Cookiefirst for cookie consent management. However, a critical security shortfall is the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks and undermining trust. The site lacks security headers and advanced SSL configurations, which further impacts its security posture. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. Overall, the website is professionally designed with good content quality and navigation but requires urgent security improvements to meet modern standards.

B

BG Kliniken – Klinikverbund der gesetzlichen Unfallversicherung gGmbH

bg-kliniken.de

0

BG Kliniken is a large non-profit healthcare organization in Germany specializing in acute care and rehabilitation for severely injured and occupationally ill patients. It operates one of the largest trauma center networks in the country, offering comprehensive medical services, research, and professional training through its BG Kliniken Akademie. The website is professionally designed with clear navigation targeting patients, insurance carriers, referring physicians, and job applicants. Technically, the site is built on TYPO3 CMS and integrates modern tools such as Usercentrics for cookie consent and Google Tag Manager for analytics. However, the site suffers from a critical security deficiency due to the absence of a valid SSL certificate and HTTPS support, exposing visitors to potential risks. DNS records show well-configured SPF and DMARC policies, enhancing email security. Overall, the site demonstrates strong business credibility and privacy compliance but requires urgent security improvements.