Skip to main content

Is easyweek.io a Scam? Security Check Results - Awescode GmbH Reviews

easyweek.io favicon

Is easyweek.io Safe? Security Analysis for Awescode GmbH

https://easyweek.io/elilaser

Check if easyweek.io is a scam or legitimate. Free security scan and reviews.

TechnologyGermanymedium
JavaScriptGoogle Tag ManagerGoogle AnalyticsFacebook PixelCloudflare DNS
Analyzed 7/30/2025Completed 9:40:10 PM
70
Security Score
MEDIUM RISK

AI Summary

EasyWeek is a technology company operating an online booking software and CRM platform designed to support businesses in managing appointments, time, and object reservations with advanced automation and marketing capabilities. The company targets a broad range of industries including hospitality, wellness, healthcare, and retail, positioning itself as a comprehensive business management solution. Founded in 2019 and operated by Awescode GmbH in Germany, EasyWeek offers a SaaS model with multiple localized domains for regional markets, reflecting a mature and scalable business infrastructure. Technically, the website leverages modern JavaScript frameworks such as Nuxt.js, integrates Google Analytics, Google Tag Manager, and Facebook Pixel for marketing and analytics, and is hosted behind Cloudflare DNS services. The site demonstrates good performance, mobile optimization, and SEO practices, supported by structured data in JSON-LD format that enhances search engine visibility and user trust. From a security perspective, the site uses HTTPS with a clientTransferProhibited domain status, indicating protection against unauthorized domain transfers. However, DNSSEC is not enabled, and no explicit security headers or published security policies were detected. There is no visible privacy or cookie policy, which represents a compliance gap. No vulnerability disclosure or incident response information is published, which could be improved to enhance trust and security posture. Overall, EasyWeek presents a professional and trustworthy online presence with solid technical foundations and business credibility. Strategic recommendations include implementing DNSSEC, publishing comprehensive privacy and cookie policies, adding security headers, and establishing a vulnerability disclosure program to strengthen compliance and security maturity.

Detected Technologies

JavaScriptGoogle Tag ManagerGoogle AnalyticsFacebook PixelCloudflare DNS

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

EasyWeek operates in the competitive online booking and CRM software market, targeting businesses that require efficient appointment and resource management. Its SaaS business model with tiered pricing caters to various business sizes and needs. The presence of multiple localized domains indicates a strategic approach to international market penetration. The company benefits from strong customer ratings and reviews, which serve as trust signals. The integration of marketing and analytics tools supports data-driven growth and customer engagement. The lack of explicit privacy and security policies suggests an area for improvement to meet evolving regulatory requirements and customer expectations. Partnerships or subsidiaries are not explicitly identified, but the regional domains imply a broad operational footprint.

Extracted Contact Information

Marketing Intelligence Data

Phone Numbers (1)

+4921197******

Security Posture Analysis

Comprehensive Security Assessment

The website demonstrates a moderate security posture with HTTPS enabled and domain transfer protection. However, the absence of DNSSEC, security headers, and published security or incident response policies limits its security maturity. No exposed vulnerabilities or sensitive data were detected in the content. The use of third-party analytics and tracking scripts introduces moderate user tracking, which should be balanced with privacy compliance. The lack of a vulnerability disclosure program and security.txt file reduces transparency and responsiveness to security issues. Overall, the security posture is adequate but could be significantly improved with standard best practices and compliance documentation.

Strategic Recommendations

Priority Actions for Security Improvement

1

Enable DNSSEC on the domain to enhance DNS security and prevent spoofing.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Awescode GmbH

Description:

Software and app for appointment booking, time or object reservation with advanced automation and marketing capabilities.

Key Services:
Appointment bookingTime and object reservationBusiness management CRMAutomationMarketing capabilities
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
JavaScriptGoogle Tag ManagerGoogle AnalyticsFacebook PixelCloudflare DNS
Frameworks:
Nuxt.js
Platforms:
Android
Performance:

fast

Mobile:

excellent

Accessibility:

good

SEO:

good

Security Assessment

Security Score:
75/100
Best Practices:
  • HTTPS enabled
  • Domain status clientTransferProhibited
  • No DNSSEC (not enabled)

Analytics & Tracking

Services:
Google AnalyticsGoogle Tag ManagerFacebook Pixel
Tracking Level:moderate
Privacy Compliance:basic

Advertising & Marketing

Tracking Pixels:
Facebook Pixel
Marketing Tools:
Facebook Pixel
Transparency Level:basic

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:good
Navigation Clarity:good
Professionalism:good
Trustworthiness:high

Key Observations

1

Website is fully accessible with no blocking or WAF challenge.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

45/100
Score

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

35/100
Score

No Privacy Policy found

HIGH

GDPR requires a clear and accessible privacy policy

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

Third-party services without privacy policy

HIGH

Detected services: Google Analytics, Facebook

GDPR Compliance Analysis

Privacy Policy0% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

47/100
Score

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

100/100
Score
No issues found
SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security
SPF Details
Record:
v=spf1 a include:_spf.google.com include:servers.mcsv.net include:zoho.eu include:cmail1.com ip4:52.20.168.64 ip4:52.70.216.197 ip4:52.20.64.141 ip4:34.210.95.47 ip4:34.210.126.35 ip4:54.70.1.6 ip4:52.70.198.126 ip4:52.70.198.130 ip4:52.70.198.132 ip4:34.212.151.47 ip4:34.218.33.219 ip4:35.165.21.138 ip4:192.237.158.85 ip4:23.253.182.234 ip4:146.20.191.233 ip4:23.253.183.250 ip4:50.23.218.215 ip4:209.61.151.128 ip4:104.130.122.229 ip4:209.61.151.40 -all
DKIM Selectors Found
Selector:google(1416-bit rsa)
Selector:k2(1416-bit rsa)
DMARC Details
Policy:reject
Aggregate Reports:admin@easyweek.io
MTA-STS Details

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

72/100
Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

OCSP Stapling Not Enabled

LOW

OCSP stapling improves performance and privacy

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 84 days

Protocol Support

TLSv1.2TLSv1.3TLSv1.1

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

85/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

DNS Records

A Records:138.199.132.88
Name Servers:
alec.ns.cloudflare.comDNS only
ingrid.ns.cloudflare.comDNS only
MX Records:
1: aspmx.l.google.com
5: alt1.aspmx.l.google.com
5: alt2.aspmx.l.google.com
10: alt3.aspmx.l.google.com
10: alt4.aspmx.l.google.com
SOA:Serial: 2379007974, TTL: 1800s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:250ms

SPF Analysis

SPF Record:
v=spf1 a include:_spf.google.com include:servers.mcsv.net include:zoho.eu include:cmail1.com ip4:52.20.168.64 ip4:52.70.216.197 ip4:52.20.64.141 ip4:34.210.95.47 ip4:34.210.126.35 ip4:54.70.1.6 ip4:52.70.198.126 ip4:52.70.198.130 ip4:52.70.198.132 ip4:34. 212.151.47 ip4:34.218.33.219 ip4:35.165.21.138 ip4:192.237.158.85 ip4:23.253.182.234 ip4:146.20.191.233 ip4:23.253.183.250 ip4:50.23.218.215 ip4:209.61.151.128 ip4:104.130.122.229 ip4:209.61.151.40 -all

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built using modern web technologies including Nuxt.js, a Vue.js framework, and is hosted with Cloudflare DNS services, indicating a robust and scalable infrastructure. It integrates widely used analytics and marketing tools such as Google Analytics, Google Tag Manager, and Facebook Pixel. The site is well-optimized for mobile devices and SEO, with appropriate meta tags and structured data enhancing search visibility. Performance is fast, and the design is professional and user-friendly. However, the absence of CMS identification suggests a custom or proprietary solution. Technical debt appears low, but security-related technical improvements are recommended to align with best practices.
Analyze Another Website