High-risk security reports

M

Music Direct

musicdirect.com

40

Music Direct operates as a specialized e-commerce retailer focusing on high-end audio equipment and audiophile music products, including vinyl records and turntables. The company positions itself as a leading online destination for audiophiles and music enthusiasts, offering a broad catalog of equipment and music media. Their business model centers on direct online sales, supported by customer service, trade-in programs, and financing options. The website reflects a mature digital presence with comprehensive product offerings and clear navigation tailored to their target audience. Technically, the website is built on the BigCommerce platform using the Stencil framework, leveraging modern web technologies such as jQuery, Bootstrap, and OwlCarousel. The site integrates multiple marketing and analytics tools including Google Analytics 4, Klaviyo, Lucky Orange, and Yotpo, indicating a sophisticated approach to customer engagement and data-driven marketing. Hosting is provided via Cloudflare, enhancing performance and availability. From a security perspective, the site exhibits significant weaknesses. Despite Cloudflare hosting, the SSL certificate is invalid or missing, and no TLS protocols are enabled, resulting in unencrypted HTTP traffic. Security headers such as X-Frame-Options and X-Content-Type-Options are present, but critical HTTPS enforcement and HSTS configurations are lacking. These deficiencies expose the site and its users to potential interception and downgrade attacks. Privacy and cookie policies are well implemented with consent mechanisms, reflecting compliance with GDPR and related regulations. Overall, while the business and technical infrastructure are solid and professional, the lack of proper SSL/TLS configuration is a critical security gap that undermines user trust and data protection. Addressing this issue should be a top priority to ensure secure transactions and compliance with industry standards.

T

Theater Regensburg

theaterregensburg.de

25

Theater Regensburg is a public theater institution located in Regensburg, Germany, offering a diverse range of cultural performances including music theater, dance, and plays. The website serves as a portal for event information, ticket sales, and community engagement, targeting local and regional audiences interested in cultural arts. The business operates primarily in the hospitality and cultural sector with a medium-sized organizational footprint. Technically, the website employs a modern frontend stack with libraries such as jQuery, Bootstrap, and Font Awesome, providing a good user experience and mobile optimization. However, the absence of a valid SSL certificate and missing DNS records represent significant technical and security shortcomings. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good compliance with GDPR. The site maintains active social media channels and provides clear contact information, enhancing business credibility. Overall, the website is functional and professional but requires urgent improvements in security infrastructure to protect user data and improve trust.

The website 'Das Viertel liefert' serves as a local food delivery platform targeting residents in Bremen, Germany. It aggregates various local restaurants offering diverse cuisines such as burgers, pasta, sushi, Italian pizza, and Syrian specialties. The business model focuses on online food ordering and delivery, leveraging third-party ordering platforms. The site content is basic but relevant, with a clear focus on local hospitality services. Technically, the website is minimalistic, using nginx as the server and Google Fonts for typography. There is no evidence of a CMS or advanced frameworks. The site lacks HTTPS, which is a critical security flaw, and no modern security headers or mechanisms are implemented. Performance metrics are unavailable, but the site appears to have basic mobile optimization and accessibility. From a security perspective, the absence of SSL/TLS encryption, security headers, and DNS security features exposes users to potential risks. No privacy or cookie policies are present, indicating non-compliance with GDPR. No contact or incident response information is provided, limiting trust and transparency. Overall, the website presents a low security posture and limited privacy compliance, which negatively impacts its trustworthiness and professional appearance. Strategic improvements in security, privacy policies, and contact transparency are recommended to enhance user trust and regulatory compliance.

S&P Global Commodity Insights is a leading enterprise providing comprehensive commodity market data, price assessments, and analytics, leveraging over a century of expertise. The website is professionally designed, highly relevant to its target audience of energy and commodity market professionals, and employs modern technologies including Adobe Experience Manager and various JavaScript libraries. However, a critical security issue is present due to an invalid or missing SSL certificate, which significantly impacts the site's security posture. Despite this, the site maintains strong privacy compliance with clear policies and consent mechanisms. The domain registration data aligns well with the business identity, reinforcing legitimacy. Strategic recommendations include immediate remediation of SSL issues, enhancement of security policies, and implementation of incident response and vulnerability disclosure frameworks.

Pelipal is a well-established German manufacturer and retailer specializing in high-quality bathroom furniture with a history spanning over 110 years. The company targets consumers and retail partners primarily in Germany, Austria, and Switzerland, offering a broad product range including mounted and customizable bathroom furniture, mirrors, and accessories. The website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the site uses a traditional Apache server with jQuery and other JavaScript libraries, managed via the dialogperfect® CMS platform. However, the website lacks HTTPS support, which is a critical security shortfall. Security headers are minimal, and no advanced security policies or incident response information is provided. The cookie consent mechanism is implemented, indicating some privacy compliance efforts. WHOIS data confirms the domain's legitimacy and consistency with the business claims. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 7 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

B

Bella Concerts

bellaconcerts.com

40

Bella Concerts is a specialized booking agency based in Vienna, Austria, focusing on nurturing and promoting talented artists primarily in the jazz and related music genres. The company offers artist booking services along with publishing and synchronization divisions, aiming to provide personalized career strategies for its clients. The website reflects a professional and consistent brand image with a clear artist portfolio and contact information, targeting music industry professionals and fans. Technically, the site is built on Webflow with modern JavaScript libraries and hosted behind Cloudflare, ensuring good performance and mobile optimization. However, the critical lack of a valid SSL certificate and HTTPS implementation significantly undermines the site's security posture, exposing visitors to risks and potentially affecting trust. Privacy and cookie policies are present with consent mechanisms, supporting GDPR compliance to a basic degree. Overall, the business appears legitimate and well-positioned in its niche, but urgent security improvements are necessary to protect users and enhance credibility.

V

VICE

vice-shop.com

40

VICE operates a global media brand with an associated e-commerce platform selling branded merchandise. The website is built on Shopify and integrates multiple media content categories including video, TV, news, culture, and music. The site targets a broad audience interested in contemporary media and lifestyle products. Technically, the site uses modern frameworks and is hosted via Cloudflare with Shopify's infrastructure, but critically lacks a valid SSL certificate, impacting security and user trust. Security headers are well implemented, but the absence of HTTPS is a major vulnerability. Privacy compliance is minimal with no visible cookie consent mechanisms, which may expose the business to regulatory risks. Overall, the site is professionally designed with good navigation and consistent branding, but improvements in security and privacy compliance are necessary.

N

neu plus herz gmbh

neuplusherz.at

26

Neu plus herz gmbh is a small, independent full-service advertising agency based in Vienna, Austria, with over 25 years of experience. The company offers a broad range of services including design, photography, text, communication, web, social media, and marketing, targeting businesses seeking comprehensive advertising solutions. Their website reflects a professional and consistent brand image with a clear presentation of services and client portfolio. Technically, the site is built on WordPress using the OnePress theme and several plugins such as Yoast SEO and Matomo Analytics, indicating a modern CMS infrastructure. However, performance metrics are missing, and the site is rated as slow in loading.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 9 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

F

FLUSSBAU iC GesmbH

flussbau-ic.at

25

FLUSSBAU iC GesmbH is a specialized consulting company operating internationally with a focus on water and river engineering, including flood protection, hazard zone planning, and water infrastructure construction. The company offers comprehensive services from planning to execution and engages in research and development to maintain innovation. The website reflects a professional and consistent brand presence targeting professionals and organizations in the water engineering and environmental sectors. Technically, the website is built on TYPO3 CMS with common web technologies like jQuery and Bootstrap, providing a good user experience and mobile optimization. However, the absence of HTTPS is a critical security flaw that severely impacts the site's security posture. The site implements a cookie consent mechanism and provides clear contact information, but lacks advanced security headers and domain security features such as DNSSEC and CAA records. Overall, the domain registration data aligns well with the business claims, supporting legitimacy. Strategic improvements in security and compliance are recommended to enhance trust and protect user data.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 7 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

E

ELEA iC projektiranje in svetovanje d.o.o.

elea.si

26

ELEA iC projektiranje in svetovanje d.o.o. is a well-established Slovenian engineering and architectural consulting firm with over 30 years of experience. The company offers a broad range of services including structural engineering, geotechnics, architecture, low construction, geology, hydrogeology, and project management. It is part of the iC Group, a larger interdisciplinary consulting group based in Vienna, which enhances its market reach and expertise. The website is professionally designed, content-rich, and targets clients in the construction, infrastructure, and real estate sectors primarily in Slovenia. The firm emphasizes sustainability and advanced technologies such as BIM in its operations.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 7 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

K

Kverneland Group

kvernelandgroup.com

28

Kverneland Group is a prominent international enterprise specializing in the development, manufacturing, and distribution of agricultural implements, electronic solutions, and digital farming services. The website reflects a well-established brand with a clear focus on agricultural professionals and partners, offering extensive content about products, news, and events. The company maintains multiple regional subdomains and partner portals, indicating a broad market presence. Technically, the site is built on a legacy CMS (eZ Publish) and integrates modern analytics and marketing tools such as Google Analytics, Hotjar, and Facebook Pixel, alongside a robust cookie consent mechanism. However, the absence of a valid SSL certificate and lack of DNS records represent significant security and configuration gaps. Security headers are partially implemented, but the lack of HTTPS severely impacts the site's security posture. Privacy compliance is well addressed with clear policies and consent management. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in security infrastructure to align with enterprise standards.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 7 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Henry Mex's website serves as an informational platform for the artist's work as a composer, musician, and artistic director in the contemporary music scene. The site highlights upcoming and past events, projects, and compositions, targeting an audience interested in experimental and chamber music. The business model revolves around artistic promotion, event participation, and music education. Technically, the website is basic, relying on static HTML with embedded YouTube videos and hosted on an Apache server via Ionos. There is no evidence of modern CMS or advanced web technologies, and performance appears limited. Security posture is weak, with no valid SSL certificate or HTTPS support, exposing visitors to risks. Privacy compliance is minimal, lacking privacy or cookie policies and no user data collection mechanisms. Overall, the site is functional for informational purposes but requires significant improvements in security and compliance to meet modern standards.

Adjust GmbH operates a leading mobile measurement and analytics platform designed to accelerate app growth through comprehensive attribution, fraud prevention, and marketing automation solutions. The company targets app marketers and developers globally, offering a suite of products including Measure, Analyze, Engage, Recommend, Automate, and Protect. Hosting on Vercel with a modern Nuxt.js and Vue.js frontend, the website demonstrates strong digital maturity and internationalization with multiple language support. However, a critical security issue is present due to an invalid or missing SSL certificate, significantly impacting the security posture. While security headers are mostly configured, the lack of valid HTTPS undermines trust and data protection. Privacy policies are comprehensive and GDPR compliant, but no cookie consent mechanism was detected. Contact information is primarily via forms, with no explicit emails or phone numbers visible. Overall, the site is professional and content-rich, but urgent remediation of SSL issues is recommended to improve security and user trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 7 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

S

S.I.O.T. spa

tal-oil.com

29

The TAL Group operates a strategic transalpine oil pipeline transporting energy from the Port of Trieste to Central European refineries, with subsidiaries in Italy, Austria, and Germany. The website presents a professional and consistent business profile focused on energy transportation and sustainability, targeting European industrial and governmental stakeholders. Technically, the site is built on WordPress with common plugins for user management and GDPR compliance, hosted likely on Cloudways. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture, despite the presence of several security headers. Privacy and cookie policies are well implemented and GDPR compliant, but no explicit terms of service or incident response policies are found. Overall, the site is functional and professional but requires urgent security improvements to enable HTTPS and modern TLS protocols.

W

Wartenberg & Co · Großhandel: Hydrokolloide, Lecithine, Stärke, Zucker

wartenberg.at

26

Wartenberg & Co is a well-established Austrian family-owned business specializing in the wholesale distribution of sugar and food raw materials, with over 100 years of market presence. Their product portfolio includes various types of sugar, starch and derivatives, hydrocolloids, lecithins, and other food additives, with a strong emphasis on sustainability, bio and fair trade certifications, and personalized customer service. The website is built on WordPress with Elementor and includes modern SEO and GDPR compliance features. However, the absence of a valid SSL certificate and HTTPS support represents a critical security vulnerability that undermines user trust and data protection. The company demonstrates good business credibility and compliance with industry standards such as the IFS Broker certification. Strategic improvements in security infrastructure are recommended to enhance the overall security posture and trustworthiness.

I

IGT Geotechnik und Tunnelbau Ziviltechniker G.m.b.H.

ate.consulting

25

Austrian Tunnel Engineers (ATE) is a specialized engineering consultancy focused on complex tunnel construction projects worldwide. The company emphasizes its Austrian roots and over 35 years of cumulative experience, offering a wide range of services including project design, geotechnical and structural engineering, consulting, and site supervision. The website presents a professional and comprehensive overview of their expertise and project portfolio, targeting infrastructure developers and engineering firms. Technically, the site is built on WordPress with optimization plugins but lacks a valid SSL certificate, resulting in insecure HTTP connections. Security posture is weak due to missing HTTPS, lack of security headers, and no advanced SSL configurations. Privacy compliance is good with a clear privacy policy and cookie consent mechanism. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect users and enhance trust.

P

Pep Boys

pepboys.com

30

Pep Boys operates as a large retail and automotive service provider in the United States, specializing in automotive parts, tires, and vehicle maintenance services. The company targets vehicle owners seeking aftermarket parts and repair solutions. However, the website content is currently inaccessible due to a PerimeterX bot mitigation challenge, preventing direct analysis of the site's user-facing content and policies. The domain and DNS configurations appear legitimate and consistent with an established business entity.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 11 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 10 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

T

Tecan Trading AG

tecan.com

40

Tecan Trading AG is a well-established Swiss company specializing in healthcare innovation, laboratory automation, diagnostics, and OEM partnering services. Their website reflects a strong market position with comprehensive product offerings in life sciences and diagnostics, supported by detailed investor relations and corporate policies. The digital infrastructure is built on HubSpot CMS, leveraging modern marketing and analytics tools such as Google Tag Manager and Microsoft Clarity, hosted behind Cloudflare for performance and security. However, a critical security gap exists due to an invalid or missing SSL certificate and lack of modern TLS protocol support, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is professional, content-rich, and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 12 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Y

Yeates

yeates.co.uk

26

Yeates is a well-established family-run removals and storage company operating in Clevedon and Weston-super-Mare, UK, with over 100 years of history. The company offers a range of services including household removals, packing, containerised storage, self storage, and shredding services. It holds reputable certifications such as Which? Trusted Trader and memberships with the Self Storage Association and The Furniture Ombudsman, reinforcing its market credibility and trustworthiness. The website is designed to target residential and business customers seeking reliable moving and storage solutions in the local area. Technically, the website is built on WordPress with modern plugins and tools for SEO and marketing, but lacks a valid SSL certificate, which is a critical security gap. The site is mobile responsive and includes structured data for enhanced SEO.

M

MobileIron

mobileiron.com

40

MobileIron is an enterprise technology company specializing in mobile-centric zero trust security and unified endpoint management (UEM) solutions. Founded in 2007 and acquired by Ivanti in 2020, MobileIron offers a suite of products including mobile device management, zero sign-on, mobile threat defense, and secure connectivity. The website reflects a professional and consistent brand presence with internationalization support and integration into Ivanti's ecosystem. Technically, the site uses ASP.NET, Cloudflare CDN, and modern analytics tools such as Microsoft Application Insights and Google Tag Manager, with cookie consent managed by OneTrust. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS configuration, which significantly impacts the site's security posture. Privacy compliance is partially addressed through cookie consent but lacks an explicit privacy policy and terms of service. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in security to align with enterprise standards.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 9 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 11 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

IntelliEdge GmbH is a technology company specializing in cloud, edge computing, AI, and IoT solutions, primarily targeting SMEs and organizations seeking digital transformation. The company is a TU Wien spin-off with strong academic and industry partnerships, delivering services such as sustainable engineering, AI and data solutions, agile project inception, and innovation advisory. Their market position is that of a young, innovative, and trusted technology partner with a focus on quality and agile delivery. Technically, the website uses modern frontend libraries and is hosted on AWS infrastructure but lacks a valid SSL certificate, resulting in no HTTPS availability and a slow performance profile. Security posture is weak due to missing SSL/TLS, lack of security headers, and no advanced domain security configurations. Privacy compliance is basic with presence of privacy and cookie policies but no explicit consent mechanisms. Business credibility is strong with clear company information, testimonials, and partner listings. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and improve trust.

Burger King's website at bk.com presents a minimalistic digital presence primarily built using modern web technologies such as React Native Web and Expo Router, hosted on AWS infrastructure with CloudFront CDN. The site includes a cookie consent mechanism via OneTrust, indicating some level of privacy compliance effort. However, the website lacks visible content such as privacy policies, terms of service, or contact information, which limits user trust and transparency. From a security perspective, the site is undermined by the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. While security headers are properly configured, the lack of encryption and presence of a subdomain takeover vulnerability on dev.bk.com represent significant security concerns. The DNS and WHOIS data indicate legitimate domain registration consistent with the brand, but the subdomain issue requires urgent remediation. Overall, the website's technical infrastructure is modern but incomplete in critical areas such as security and content completeness. The lack of essential legal and contact information, combined with security vulnerabilities, results in a moderate to low trust level. Strategic improvements in SSL deployment, vulnerability mitigation, and content enrichment are necessary to enhance security posture and user confidence.

The Bernard Gruppe is a medium-sized, owner-managed engineering group founded in 1983, specializing in interdisciplinary engineering services across energy, industry, infrastructure, and transportation sectors. With approximately 400 employees and operations in over 40 countries, the company offers comprehensive consulting, planning, and project realization services, including specialized software and hardware solutions. The website content reflects a professional engineering firm with a broad service portfolio and international presence. Technically, the website is built on WordPress using the Avada theme and includes a cookie consent mechanism from an external provider. However, the site lacks HTTPS support and modern security configurations, which significantly impacts its security posture. Performance data is missing, and SEO and accessibility features are basic. No analytics or tracking services beyond cookie consent are detected. From a security perspective, the absence of a valid SSL certificate and HTTPS is a critical vulnerability, exposing users to potential data interception risks. The site also lacks security headers, DNSSEC, and other modern protections. No privacy policy, terms of service, or incident response information is provided, indicating gaps in compliance and security transparency. Overall, the website presents a moderate business credibility but suffers from significant security and privacy shortcomings. Strategic improvements in SSL deployment, security headers, and privacy documentation are essential to enhance trust and compliance.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 11 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 9 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

E

Envases Öhringen GmbH

huber-packaging.com

40

Envases Öhringen GmbH is a well-established German manufacturer specializing in metal and plastic packaging solutions, with a strong global presence and leadership in the beverage packaging sector, particularly 5-liter party kegs. The company operates multiple sites worldwide and emphasizes sustainability and quality, supported by ISO certifications and a whistleblower system. The website is built on the Jimdo CMS platform, featuring good content quality, clear navigation, and a professional design tailored to industrial clients. However, the technical infrastructure shows weaknesses in SSL implementation, lacking a valid HTTPS certificate, which poses a significant security risk. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the business credibility is high, supported by consistent WHOIS data and comprehensive contact information.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 9 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

The website alpineaccess.com currently presents minimal content, consisting solely of a redirect script to a /lander page, with no accessible metadata, forms, or business information. The domain is registered and DNS records show multiple IPv4 addresses but lack proper MX records and DNSSEC. Critically, the site lacks a valid SSL certificate and does not support HTTPS, exposing it to security risks and reducing user trust. No privacy, cookie, or terms of service policies are present, and no contact information or social media links are available, indicating a very low level of digital maturity and business transparency. The site appears either under development or intentionally minimal, with potential WAF or security blocking mechanisms limiting content visibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 11 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

4

4DESIGN

4design.co

28

4DESIGN is a New Zealand-based industrial design and product development consultancy specializing in creating innovative and award-winning products for a diverse clientele including companies, startups, and individuals. The company offers a broad range of services such as industrial design, engineering, prototyping, UI/UX design, manufacturing, and 3D printing. Their market position is strong within the manufacturing and technology sectors, supported by multiple awards and recognized certifications. The website reflects a professional and consistent brand image with excellent content quality and clear navigation, targeting clients seeking high-quality design consultancy services. Technically, the website is built on WordPress and leverages common technologies including Apache server, jQuery, Google Analytics, and various plugins for SEO and social media integration. Hosting is provided by InMotion Hosting. However, the website lacks HTTPS, which is a critical security shortfall. Performance is moderate with good mobile optimization and basic accessibility features. SEO is well implemented with comprehensive metadata and structured data. From a security perspective, the absence of a valid SSL certificate and HTTPS support significantly lowers the security posture. No advanced security headers or incident response policies are evident. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism or terms of service found. Contact information is clearly provided, enhancing business credibility. Overall, the website is professional and credible but requires urgent security improvements, particularly enabling HTTPS and enhancing privacy compliance to meet modern standards. Strategic recommendations include installing SSL, enabling security headers, and implementing cookie consent mechanisms to improve trust and compliance.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 10 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 9 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

B

bikemap.net

bikemap.net

40

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 7 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.