Security Directory

A

ASA Group

gruppoasa.com

0

ASA Group is a well-established manufacturer specializing in metal packaging for the food and chemical sectors, holding a strong market position as the largest independent group in Italy and the fourth largest in Europe. The company operates multiple production plants and subsidiaries across Italy, Switzerland, and the UK, with headquarters in San Marino. Their website reflects a professional business presence with clear branding and relevant content targeting industrial clients requiring metal packaging solutions. Technically, the website is built on Pimcore CMS with modern frontend technologies and integrates privacy management tools like Iubenda and Google Tag Manager for analytics and compliance. However, the absence of HTTPS and a valid SSL certificate represents a critical security gap, exposing users and business operations to potential risks. Security headers are minimal, and no advanced security policies are implemented, indicating room for significant improvement in security posture. Privacy and cookie policies are present and appear comprehensive, supporting GDPR compliance. Overall, the website demonstrates good business credibility and content quality but requires urgent security enhancements to protect data and build user trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

S

San Marino Rtv

sanmarinortv.sm

0

San Marino RTV operates as the official radio and television broadcaster for the Republic of San Marino, providing live streaming services, news, sports, cultural programming, and event coverage. The website serves a diverse audience interested in local and international news, sports updates, and entertainment, positioning itself as a key media outlet within the country. The business model relies on public broadcasting complemented by advertising revenue streams. Technically, the site employs modern web technologies including nginx, Varnish caching, Fluid Player for video streaming, and integrates with major advertising and analytics platforms such as Google Analytics and Facebook Pixel. However, the absence of a valid SSL certificate and HTTPS support represents a significant security vulnerability, exposing users to potential data interception and undermining trust. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good compliance with GDPR requirements. Overall, the website demonstrates strong content quality and business credibility but requires urgent security improvements to protect user data and enhance trust.

S

SCM Group

scmgroup.com

0

SCM Group is a well-established global leader in manufacturing woodworking and industrial machinery, with a strong presence in multiple material processing sectors. The company operates through a network of specialized subsidiaries and partners, serving diverse industries such as furniture, automotive, aerospace, and construction. Their website reflects a mature business with consistent branding and good content quality. Technically, the site uses a Pimcore CMS on a CentOS Apache server with modern analytics tools, but suffers from a critical lack of valid SSL/TLS configuration, exposing it to security risks. Privacy compliance is well addressed through Iubenda policies and GDPR scripts. Overall, the business credibility is strong, but the security posture requires urgent improvement to protect users and maintain trust.

I

Idexa web s.r.l.

idexaweb.com

0

Idexa Web is a professional web agency specializing in e-commerce, marketplace development, SEO, and web marketing services primarily targeting businesses in Rimini and San Marino. The company presents itself as experienced with 25 years in the industry and offers a comprehensive portfolio of projects and services. Technically, the website is built on WordPress with popular plugins and marketing integrations, but it lacks a valid SSL certificate, which is a critical security flaw. The absence of HTTPS and modern TLS protocols significantly lowers the security posture. Privacy and cookie policies are present and GDPR compliant, with active consent mechanisms. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

B

Bioscience institute spa

bioinst.com

0

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 21 security findings identified across all modules.

I

ISS

issworld.com

0

ISS is a global leader in workplace experience and facility management services, operating in over 30 countries with more than 325,000 employees and 40,000 customers. The company offers integrated services including cleaning, food, technical, workplace, and facility management solutions designed to improve business performance and employee wellbeing. The website reflects a mature digital presence with multi-language support, comprehensive corporate and investor information, and active social media engagement. Technically, the site is built on modern frameworks such as Next.js and hosted on Vercel, with Sitecore as the CMS, indicating a robust and scalable infrastructure. However, the security posture is weakened by the absence of a valid SSL certificate and incomplete HSTS implementation, which are critical issues that need immediate remediation to protect user data and maintain trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements.

Energreen is a mature Belgian company specializing in high-quality, sustainable energy solutions including solar panels, home batteries, electric vehicle charging stations, heat pumps, and intelligent energy management systems. The company positions itself as a comprehensive provider for both residential and commercial customers, emphasizing energy independence and cost reduction. The website is built on modern technologies such as Next.js and React, hosted on AWS Cloudfront, and integrates multiple analytics and marketing tools with user consent mechanisms. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS, which significantly impacts the security posture. The company provides clear contact information and maintains comprehensive privacy and cookie policies, supporting GDPR compliance. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

M

Mission 21

mission-21.org

0

Mission 21 is a well-established Swiss non-profit organization dedicated to sustainable development and humanitarian aid across 18 countries in Africa, Asia, and Latin America. Their work focuses on peace promotion, education, health, food sovereignty, and combating violence against vulnerable groups. The organization is supported by church bodies, foundations, government agencies, and private donors, reflecting a robust and diverse funding model. The website presents comprehensive content in multiple languages, demonstrating a strong commitment to accessibility and outreach. Technically, the website is built on WordPress using the Astra theme and integrates various plugins for forms, e-commerce, and multimedia content. While the site is mobile-optimized and SEO-friendly, performance metrics are not available, indicating potential areas for improvement. The security posture is currently weak due to the absence of a valid SSL certificate and modern TLS protocols, which poses significant risks to user data and trust. Privacy compliance is well addressed with clear privacy and cookie policies, including a consent mechanism, aligning with GDPR requirements. However, the site lacks explicit security policies and incident response information, which are important for transparency and user confidence. Overall, the domain registration data aligns well with the organization's identity, supporting legitimacy. Strategically, Mission 21 should prioritize securing their website with valid SSL/TLS certificates and updating their security configurations to protect user data and enhance trust. Enhancing transparency around security policies and incident response would further strengthen their credibility. Continuous monitoring and performance optimization will also benefit user experience and engagement.

L

Linekit

linekit.com

0

Linekit is an established Italian company specializing in the production and online sale of office furniture and furnishings. With over 25 years of experience, the company targets businesses and professionals seeking high-quality, ergonomic, and design-oriented office solutions. Their business model focuses on direct manufacturer sales, supported by consultancy, design services, and a partner reseller program. The website is professionally designed with rich content, including product portfolios, videos, and customer testimonials, enhancing user engagement and trust. Technically, the site is built on WordPress with WooCommerce and Elementor, hosted behind Cloudflare, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided. Social media presence and marketing tools like Google Tag Manager and Facebook Pixel are actively used. Overall, the site demonstrates good business credibility but requires urgent security improvements to enable HTTPS and strengthen its security posture.

M

M.M.Warburg & CO (AG & Co.) KGaA

bankhaus-plump.de

0

M.M.Warburg & CO is an established independent private bank in Germany, founded in 1798, offering a broad range of financial services including private banking, asset management, corporate finance, and institutional client services. The website reflects a mature digital presence with professional design, comprehensive content, and strong branding consistency. Technically, the site uses Apache server, OpenCms CMS, and integrates modern marketing and analytics tools with user consent management. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. The security posture is weak due to lack of TLS protocols and incomplete security headers. Privacy compliance is well addressed through UserCentrics CMP and a comprehensive privacy policy. Overall, the site is credible and professional but requires urgent security improvements.

B

Biemme Srl

biemmebiagiotti.com

0

Biemme Srl is an established Italian manufacturing company specializing in innovative construction and industrial products, serving both national and international markets since 1983. The company offers a broad portfolio of products including structural reinforcements, insulation materials, and technical support services, supported by a professional and content-rich website. Technically, the website is built on WordPress with WooCommerce and Oxygen Builder, leveraging modern JavaScript libraries and SEO plugins, but suffers from performance issues and lacks a valid SSL certificate, impacting security and user trust. The security posture is weak due to missing HTTPS and security headers, although privacy compliance is well addressed through Iubenda policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance credibility.

Network & Knowledge is a professional services firm based in Brescia, Italy, specializing in accounting, legal, and business consultancy services. Established in 2000, the company has grown to a medium-sized firm with over 70 professionals across 7 offices serving more than 1,200 clients. Their service portfolio includes traditional accounting, legal consultancy, labor consultancy, and specialized training through their Academy. The website reflects a mature and professional business with consistent branding and comprehensive service descriptions targeting businesses in the Brescia province. Technically, the site uses Joomla CMS with modern frontend libraries and frameworks, but lacks HTTPS support, which is a critical security gap. Security headers are present but the absence of SSL/TLS significantly reduces the security posture. Privacy and cookie policies are implemented with GDPR compliance. Overall, the site is content-rich and user-friendly but requires urgent security improvements to protect user data and enhance trust.

The website at bsm.sm currently functions as a security gateway page implementing a CAPTCHA challenge to prevent automated or malicious access. It is not a traditional business website but a protective layer powered by BitNinja technology. The site uses outdated CMS platforms (Joomla 1.5 and WordPress 2.5) and lacks a valid SSL certificate, serving content over HTTP only. Google reCAPTCHA and Google Analytics are integrated for bot mitigation and visitor tracking. The absence of privacy, cookie, and terms of service policies, as well as contact information, limits the site's compliance and business credibility. DNS configuration lacks modern security features such as DNSSEC and CAA records. Overall, the site is slow to load and provides minimal content focused solely on CAPTCHA validation.

U

Università degli Studi di Ferrara

unife.it

0

The Università degli Studi di Ferrara is a well-established public university in Italy, providing a broad range of academic courses, research opportunities, and community engagement initiatives. The website targets students, researchers, and the general public, offering clear navigation and comprehensive institutional information. The university maintains an active presence on major social media platforms and provides transparent contact details and legal notices, enhancing trust and credibility. Technically, the website is built on the Plone CMS platform using Python and Zope technologies. While the site demonstrates good design, accessibility, and SEO practices, performance data is lacking, and the SSL/TLS configuration is critically deficient, with no valid certificate or HTTPS support detected. This significantly impacts the security posture and user trust. Security-wise, the site includes some security headers but lacks a valid SSL certificate, modern TLS protocols, and incident response contact information. Privacy and cookie policies are present and appear GDPR compliant, reflecting good privacy practices. Overall, the site is functional and professional but requires urgent improvements in SSL/TLS security to protect users and data. The domain registration data aligns well with the university's identity, showing consistency and legitimacy. No suspicious patterns or privacy protection on WHOIS are present, supporting the trustworthiness of the domain.

Expansion Group is a San Marino-based media and communication agency established in 2011, providing advertising, digital marketing, design, and media portfolio services to a diverse client base. The company maintains a mature online presence with a well-structured website showcasing its portfolio and client successes. Technically, the website is built on WordPress with popular plugins and integrates common marketing and analytics tools such as Google Analytics, Facebook Pixel, and LinkedIn Insight Tag. However, the site suffers from significant security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which exposes visitors to potential risks. Privacy compliance is addressed with a cookie consent banner and a privacy policy, but incident response and security policies are not publicly documented. Overall, the website demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

C

Clementoni Spa

clementoni.com

0

Clementoni Spa operates a professional and well-branded e-commerce website focused on selling toys and educational products primarily in Italy. The website is built on the Shopify platform, leveraging modern web technologies and integrations such as Google Analytics, Facebook Pixel, and Iubenda for privacy compliance. The company demonstrates strong business credibility with clear contact information, social media presence, and comprehensive privacy and cookie policies. However, the website currently lacks a valid SSL certificate, which significantly impacts its security posture and user trust. The technical infrastructure is robust but could benefit from improved SSL/TLS implementation to ensure secure communications. Overall, the site is functional and user-friendly but requires urgent security improvements to meet industry standards.

E

Extera srl

extera.com

0

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 23 security findings identified across all modules.

A

AC Milan

acmilan.com

0

AC Milan's official website serves as a digital platform for the football club to engage with fans by providing news, match information, and multimedia content. The site targets football enthusiasts and supporters of the club, leveraging a React-based frontend and delivery through AWS CloudFront CDN. Despite its global brand recognition, the website currently lacks a valid SSL certificate, resulting in no HTTPS support, which critically undermines its security posture. The absence of privacy and terms of service pages further impacts compliance and user trust. The cookie consent mechanism via OneTrust and integration of Google Tag Manager indicate some level of privacy and analytics maturity, but overall content quality and navigation are basic, with minimal visible business contact information.

P

Persado

persado.com

0

Persado is an enterprise AI marketing platform specializing in generating, optimizing, and personalizing marketing language at scale, primarily targeting banks and financial institutions. The company positions itself as a market leader with strong endorsements from major U.S. banks and credit card issuers. Their platform integrates compliance, performance, and personalization features, supported by multi-agent AI workflows and domain-specific models tailored for the financial sector. The website reflects a mature digital presence with comprehensive content, strong branding, and customer testimonials. Technically, the site is built on WordPress with modern themes and plugins, leveraging WP Engine hosting and Cloudflare CDN. It employs standard marketing and analytics tools such as Google Analytics, Google Tag Manager, Drift, Pardot, and Zapier. SEO and accessibility practices are well implemented, and the site is mobile optimized. However, a critical security shortfall is the absence of a valid SSL/TLS certificate, resulting in no HTTPS encryption, which severely impacts the security posture. Security headers are properly configured, and the company demonstrates adherence to recognized security frameworks including ISO 27001 and SOC II type 2. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Despite the strong compliance and governance messaging, the lack of HTTPS is a major vulnerability that undermines user trust and data protection. Overall, Persado presents a professional and credible business with advanced AI-driven marketing solutions for finance, but must urgently address its SSL/TLS certificate issues to ensure secure communications and maintain enterprise-grade security standards.

U

University of Bristol

bristol.ac.uk

0

The University of Bristol operates a comprehensive and professional website serving prospective and current students, staff, alumni, and the wider community. The site provides detailed information on undergraduate and postgraduate courses, research activities, and community engagement, positioning the university as a leading educational institution in the UK and globally. The website content is well-structured, accessible, and rich in relevant information, reflecting a strong digital presence. Technically, the website employs modern JavaScript frameworks such as StencilJS and integrates tracking and analytics tools like Google Tag Manager and TrackedWeb. However, the site suffers from significant performance issues, including a slow load time and a large page size, which could impact user experience. Mobile optimization and accessibility are well addressed, contributing positively to overall usability. From a security perspective, the website exhibits critical weaknesses, notably the absence of a valid SSL certificate and HTTPS support, exposing users to potential data interception risks. Additionally, no security headers or advanced TLS protocols are enabled, and no incident response or vulnerability disclosure policies are publicly available. Privacy compliance is strong, with comprehensive privacy and cookie policies aligned with GDPR requirements. Overall, while the University of Bristol's website excels in content quality and business credibility, urgent improvements in security infrastructure and performance optimization are necessary to enhance trust and protect users. Strategic recommendations include implementing HTTPS, enabling security headers, optimizing performance, and publishing clear security policies.

T

TFP Group Inc.

tfpgroup.com

0

TFP Group Inc. is a specialized consulting firm focused on workforce development and training grant funding, operating nationally in the United States with over 25 years of experience. The company serves businesses and organizations seeking to develop talent pipelines and secure training incentives, working closely with government agencies across multiple states. Their website reflects a professional presence with clear service descriptions and contact information, targeting clients in workforce development sectors. Technically, the website is built on a modern WordPress platform using Elementor and related plugins, hosted behind Cloudflare with caching mechanisms. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and disabled TLS protocols, which severely impact secure communications and user trust. Performance is rated slow, and SEO and accessibility features are basic. Security posture is weak due to missing HTTPS, lack of DMARC and DNSSEC, and no incident response or vulnerability disclosure information. Privacy compliance is minimal, with no privacy or cookie policies found. Business credibility is supported by clear contact details and a consistent brand message but is undermined by security and compliance gaps. Overall, the site is functional and informative but requires urgent security improvements and privacy policy implementations to enhance trust and compliance.

The website for gruppohera.it is currently inaccessible due to a CloudFront 403 error page blocking access, which prevents retrieval of any meaningful content or metadata. The domain is registered and consistent with an Italian energy sector business, but the lack of a valid SSL certificate and HTTPS support severely impacts the security posture. Additionally, a DNS subdomain takeover vulnerability was detected on the ftp subdomain, posing a risk of unauthorized control. The technical infrastructure relies on Amazon CloudFront for content delivery but is misconfigured, resulting in blocked access and poor performance. Overall, the site exhibits critical security and accessibility issues that must be addressed to restore trust and functionality.

T

Tecnoplay S.r.l.

tecnoplay.com

0

Tecnoplay S.r.l. is a mature and established company specializing in the distribution and sale of entertainment machines for gaming halls and public venues, with a strong presence in Italy and San Marino. The company positions itself as a leader with over 28 years of experience, offering products from internationally recognized brands such as Sega. Their business model focuses on providing high-quality amusement equipment and technical support services to family and gaming enthusiasts. The website reflects this positioning with clear branding, product categories, and contact information, targeting local businesses and consumers interested in amusement technology. From a technical perspective, the website is built on an older but functional technology stack including Apache server, jQuery, Bootstrap, and a proprietary CMS (TITANKA!). While the site is content-rich and well-structured with multilingual support, it suffers from performance issues and lacks modern optimization features. Mobile optimization and accessibility are basic but present. SEO practices are adequately implemented with proper meta tags and structured data. Security posture is a significant concern as the site does not implement HTTPS, exposing users to potential data interception risks. Security headers are partially implemented but insufficient without SSL/TLS. No advanced security policies or incident response information is publicly available. The absence of vulnerability disclosure or security.txt files further limits transparency. Privacy compliance is basic, with a privacy policy and cookie consent mechanism present, but GDPR compliance details are minimal. Overall, the website and business demonstrate moderate trustworthiness and professionalism but require urgent security improvements, especially the implementation of HTTPS. Strategic recommendations include upgrading security infrastructure, modernizing the technology stack, enhancing privacy compliance, and publishing clear security policies to improve user trust and regulatory adherence.

Security assessment incomplete. Successfully analyzed: emailSecurity, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2, sslTls. 9 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2, sslTls. 10 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2, sslTls. 11 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

W

Webfuse

webfuse.com

0

Webfuse is an enterprise-grade SaaS platform specializing in augmented web proxy technology that enables developers and organizations to modify and extend web applications without altering source code. The platform targets developers and enterprises seeking flexible, no-code web augmentation solutions, offering features such as virtual web sessions, automation workflows, multi-factor authentication, and real-time collaboration. The website presents a professional and consistent brand image, emphasizing compliance with major security frameworks like SOC 2, GDPR, ISO 27001, and HIPAA, and claims trust from Fortune 500 companies and global organizations. Technically, the website is built on Webflow CMS and integrates modern JavaScript libraries such as Vimeo Player API, Swiper.js, and analytics tools including Segment, Google Tag Manager, and Plausible Analytics. Hosting and CDN services are provided via Cloudflare and AWS infrastructure. While the site is mobile-optimized and accessible with good SEO practices, performance metrics indicate slow loading times, possibly due to large media assets and third-party scripts. From a security perspective, the site implements several HTTP security headers and cookie flags, but critically lacks a valid SSL certificate and proper TLS protocol support, severely undermining HTTPS security. No vulnerability disclosure or incident response contact information is provided, and privacy and cookie policies are absent, which impacts compliance posture. DNS records and WHOIS data indicate a legitimate and consistent domain registration without privacy protection, supporting the business's credibility. Overall, Webfuse demonstrates strong business credibility and technical sophistication but must urgently address SSL/TLS implementation and privacy compliance to improve security posture and user trust. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, publishing privacy and cookie policies, and adding explicit contact information for security incidents.

C

Celebrus Technologies plc

celebrus.com

0

Celebrus Technologies plc operates a sophisticated digital data and identity platform designed to capture, connect, and activate first-party data across multiple channels in real time. The company targets enterprise clients primarily in financial services, retail, healthcare, telecommunications, and hospitality sectors, offering solutions that enhance marketing personalization, fraud prevention, and compliance adherence. Their market position is strengthened by patented technology, a comprehensive product suite, and ISO 27001 certification, signaling a mature security posture. Technically, the website is built on HubSpot CMS with integrations of modern marketing and analytics tools, though performance is moderate and accessibility is basic. Security analysis reveals a critical gap in SSL/TLS implementation, with no valid certificate and lack of modern TLS protocols, which significantly impacts the security score. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the website is professional, content-rich, and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure user interactions and maintain compliance.

W

Wise

transferwise.com

0

Wise is a leading global fintech company specializing in international money transfers, multi-currency accounts, and investment services. The company operates with a strong regulatory framework across multiple jurisdictions including Belgium, Estonia, Singapore, Australia, Canada, Malaysia, Japan, and Hong Kong. Its platform supports a wide range of currencies and payment methods, serving both personal and business customers worldwide. The website reflects a mature digital presence with comprehensive content, clear navigation, and extensive use of modern web technologies. However, a critical security issue is present due to an invalid SSL certificate and lack of modern TLS protocols, which significantly impacts the security posture. Despite this, the company demonstrates strong compliance with privacy regulations and maintains transparent advertising and analytics practices.

E

Earnnest

earnnest.com

0

Earnnest is a U.S.-based digital payment platform specializing in secure and convenient earnest money and real estate transaction payments. Positioned as the largest digital earnest money service in the country, Earnnest serves a broad audience including agents, brokerages, title and escrow companies, lenders, homebuilders, and MLS organizations. The platform offers multiple products such as the Earnnest App, Earnnest Pro, and escrow services, emphasizing convenience, security, and transparency in real estate payments. The company is trusted by major industry organizations and holds a SOC 2 Type 2 certification, reinforcing its commitment to security and compliance. Technically, the website is built on Webflow and leverages modern web technologies including Google Fonts, Google Analytics, Jetboost, and Cloudflare for hosting and CDN services. The site is mobile-optimized with excellent design quality and user experience. However, performance is currently slow, and accessibility is good but could be improved. SEO practices are good with proper meta tags and structured data. From a security perspective, the site lacks a valid SSL/TLS certificate and does not properly enable HTTPS, which is a critical vulnerability. While some security headers are present, the absence of TLS protocols and HSTS enforcement significantly weakens the security posture. No incident response or security policy information is publicly available. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, Earnnest presents a professional and trustworthy business with strong market positioning and credible trust signals. The primary risk lies in the lack of proper SSL configuration, which should be addressed immediately to protect user data and maintain trust. Strategic improvements in security and privacy compliance will enhance the platform's reliability and user confidence.

S

Spotler

spotler.nl

0

Spotler is a Dutch technology company founded in 2017 specializing in data-driven marketing software solutions. Their product suite includes customer data platforms, AI-powered chatbots, CRM, email marketing automation, and social media management tools. The company serves over 5,000 organizations, positioning itself as a trusted mid-sized player in the marketing technology sector. The website is professionally designed, multilingual, and rich in content including customer case studies and detailed product information. Technically, the site is built on WordPress, uses Cloudflare for hosting and CDN, and integrates modern marketing tools like Google Tag Manager. However, the security posture is weak due to the absence of a valid SSL certificate and lack of TLS support, which is a critical issue for trust and compliance. Privacy and cookie policies are present and GDPR compliant, and the company holds ISO 27001 certification, indicating a commitment to information security. Overall, the website is credible and professional but requires urgent security improvements to protect user data and enhance trust.

W

Wijzer in geldzaken

financieelfittewerknemers.nl

0

Financieel fitte werknemers is a Dutch government-backed initiative by the Ministry of Finance aimed at helping employers support employees with financial wellbeing. The website provides informational resources, toolkits, e-learning, and guidance to recognize and address financial stress in the workplace. It targets employers and HR professionals in the Netherlands, positioning itself as a niche government platform with consistent branding and good content quality. Technically, the site is hosted on a DigitalOcean IP, served by nginx, and uses modern web technologies including Google Tag Manager and ReadSpeaker for accessibility. However, the site suffers from critical security issues including an invalid or missing SSL certificate and no enabled TLS protocols, which severely impact its security posture. Performance is slow, but mobile optimization and accessibility are good. SEO practices are well implemented. Security-wise, while some best practices like HSTS header presence exist, the lack of valid SSL and TLS support is a major vulnerability. No incident response or security policy pages are found, and DNSSEC is not enabled. Privacy compliance is strong with clear cookie consent and privacy policies aligned with GDPR. Overall, the site is a credible government resource with good content and user experience but requires urgent security improvements to protect user data and trust. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, fixing DNS CAA records, and enhancing security headers and incident response readiness.

W

Wijzer in geldzaken

weekvanhetgeld.nl

0

Week van het geld is a Dutch national initiative focused on promoting financial literacy among children and youth through educational programs and partnerships with government and financial sector entities. The website serves as an information hub offering thematic packages, guest lessons, explainer videos, and toolkits for schools and parents. The initiative is positioned as a trusted, government-related non-profit with a clear target audience in the education sector. Technically, the website uses a modern stack including nginx, Google Tag Manager, and accessibility tools like ReadSpeaker. However, it suffers from a critical security flaw: the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture. The site is well-structured, mobile-optimized, and includes GDPR-compliant cookie consent mechanisms. Security-wise, the lack of HTTPS and proper SSL configuration is a major vulnerability. While other security headers are partially present, the site does not implement advanced protections such as OCSP stapling or session resumption. No explicit security or incident response policies are published, which could be improved to enhance trust. Overall, the website is functional and professional but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include immediate SSL certificate installation, enabling HTTPS, fixing DNS CAA records, and publishing security policies to improve compliance and user confidence.

W

Wijzer in geldzaken

geldlessen.nl

0

Geldlessen.nl is a Dutch educational platform operated by Wijzer in geldzaken, dedicated to improving financial literacy among school-aged children and youth in the Netherlands. The platform offers a comprehensive range of educational materials, teacher training, podcasts, and subsidy information to support financial education across primary, secondary, and vocational education sectors. It holds a strong market position as a trusted non-profit initiative with consistent branding and a clear mission. Technically, the website is built on a modern stack using nginx, JavaScript modules, and integrates Google Tag Manager and ReadSpeaker for accessibility and analytics. The hosting appears to be on DigitalOcean. The site is well-structured, mobile-optimized, and SEO-friendly, providing an excellent user experience. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall. From a security perspective, the site lacks a valid SSL/TLS certificate, uses no modern TLS protocols, and has malformed CAA DNS records. While some security headers like HSTS are present, the overall security posture is weak, exposing the site to potential risks. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and GDPR-aligned privacy policy. Overall, the site is a credible and professional educational resource but requires urgent security improvements, particularly in SSL/TLS deployment, to protect user data and enhance trust. Strategic recommendations include immediate SSL certificate installation, DNS record corrections, and publishing security policies to strengthen the security posture and compliance.

T

Title Forward

titleforward.com

0

Title Forward is a specialized title and settlement services company operating primarily in the United States, founded in 2012. The company leverages technology combined with traditional expertise to provide title insurance and settlement services across multiple states. Their market position is that of a customer-focused, technology-enabled service provider offering competitive pricing and personal service. The website reflects a professional and consistent brand with clear navigation and relevant content targeted at homebuyers and homeowners. Technically, the site uses modern frameworks such as React and is hosted on AWS infrastructure with CDN support, ensuring moderate performance and good mobile optimization. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the business credibility is strong, supported by partner logos and social media presence, but the security weaknesses require urgent remediation.

B

Bay Equity LLC

bayequityhomeloans.com

0

Bay Equity LLC operates as a full-service home mortgage lender in the United States, licensed in 48 states and DC. The company offers a range of home loan products including first-time homebuyer loans, refinancing options, and specialty loans such as FHA, Jumbo, VA, and USDA loans. Their market position is supported by a broad network of local teams and a focus on personalized service through dedicated loan officers. The website is professionally designed with clear navigation and comprehensive content aimed at homebuyers and current homeowners. Technically, the website is built on a modern React and Gatsby framework, hosted on Netlify, indicating a contemporary and scalable infrastructure. While the site is mobile-optimized and includes accessibility features, performance metrics are not available for a complete assessment. The site employs cookie consent mechanisms and integrates third-party marketing and tracking tools responsibly. From a security perspective, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability that undermines user trust and data protection. Security headers are partially implemented, but important features like HSTS are not fully enabled. No explicit security or incident response policies are found, and there is no vulnerability disclosure or security.txt file. Overall, the business appears legitimate and well-established, but the critical security issues related to SSL/TLS must be addressed immediately to ensure secure user interactions and compliance with best practices. Strategic recommendations include fixing the SSL configuration, enabling strong security headers, and enhancing transparency around security policies.

A

ApartmentGuide

apartmentguide.com

0

ApartmentGuide is a large-scale online real estate platform specializing in apartment rentals across the United States. It offers a comprehensive apartment search tool with listings, reviews, photos, and floor plans, targeting renters and property managers. The platform integrates with major networks such as Rent.com and Redfin, enhancing its market reach. Technically, the site employs modern web technologies including React and Next.js, hosted on AWS CloudFront CDN, and uses analytics tools like Datadog RUM and Google Tag Manager. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS support, lack of security headers, and no visible privacy or cookie policies, which raises concerns about user data protection and compliance. The site extensively tracks users without clear consent mechanisms, impacting privacy compliance. Overall, while the business model and technical infrastructure are solid, significant improvements in security and privacy compliance are necessary to enhance trust and protect users.

R

Rent.com

rent.com

0

Rent.com operates as a large-scale online real estate rental marketplace focused on providing users in the United States with access to apartments, houses, condos, and townhouses for rent. The platform offers key services such as property search, saved listings, rental price estimation, and business solutions for landlords. The website is built on modern web technologies including React and Next.js, hosted on AWS CloudFront, and integrates analytics and marketing tools like Datadog RUM and Google Tag Manager. However, the site currently lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security deficiency. Additionally, privacy and cookie policies are not detected, and no explicit contact information is provided, which impacts user trust and compliance. The domain registration data aligns well with the business claims, showing consistent DNS and MX records without privacy protection masking. Overall, while the business model and technical infrastructure are solid, the security posture and privacy compliance require urgent improvements to enhance trustworthiness and user safety.

L

Lucid Software Inc.

lucid.app

0

Lucid Software Inc. operates the lucid.app domain, providing a comprehensive visual collaboration suite including Lucidchart and Lucidspark. The company targets teams and enterprises seeking intelligent diagramming and virtual whiteboarding solutions, positioning itself as a leader in the technology sector for collaboration tools. Their business model is SaaS-based with multiple integrated products, serving a global audience with a strong presence in the United States. The website demonstrates excellent content quality, professional design, and consistent branding, supporting a high level of business credibility. Technically, the website is built on modern frameworks such as Angular and integrates various third-party services including Google APIs, Microsoft Teams SDK, and Osano for cookie compliance. Hosting is managed via Akamai CDN, ensuring global availability. However, performance metrics are not available, and accessibility is basic but functional. SEO practices are good with proper meta tags and structured data. Security posture reveals critical issues: the SSL certificate is invalid or missing, and no TLS protocols are enabled, which is a significant risk for user data protection and trust. Security headers are well configured, but the lack of valid HTTPS severely impacts the overall security score. Privacy compliance is good, with a clear privacy policy, cookie consent mechanism, and GDPR compliance indicators. Contact information is transparent and professional, though no explicit incident response or vulnerability disclosure information is found. Overall, while the business and technical maturity are strong, the critical SSL/TLS misconfiguration poses a major risk. Strategic remediation of SSL issues is essential to restore trust and secure communications. The company should also consider publishing explicit incident response and vulnerability disclosure policies to enhance security transparency.

A

airfocus

airfocus.com

0

airfocus is a modular product management SaaS platform designed to help product teams manage strategy, prioritize roadmaps, and align stakeholders effectively. The company positions itself as an enterprise-ready solution with strong integrations such as Jira, targeting product managers and teams seeking flexible and scalable product management tools. The website content is rich, professionally designed, and includes multiple trust indicators such as certifications and customer testimonials, reflecting a mature business presence. Technically, the website is built using modern technologies including React and Gatsby, hosted on Google Cloud infrastructure. While the site demonstrates good SEO and mobile optimization, performance metrics are not explicitly available. Security headers are implemented, but the SSL/TLS configuration is critically flawed with an invalid certificate and no TLS protocols enabled, significantly impacting the security posture. The security posture shows strengths in header implementation and compliance certifications (ISO 27001, SOC2, GDPR), but the lack of a valid SSL certificate and missing cookie consent mechanisms are notable weaknesses. No incident response or vulnerability disclosure information is publicly available, which could be improved to enhance trust. Overall, the website is professional and trustworthy from a business perspective but requires urgent remediation of SSL/TLS issues to ensure secure user interactions and compliance with best practices. Strategic recommendations include fixing the SSL certificate, enabling modern TLS protocols, implementing cookie consent, and publishing incident response details to strengthen security and privacy compliance.

S

Stichting De Friesland

stichtingdefriesland.nl

0

Stichting De Friesland is a Dutch non-profit foundation focused on supporting innovative healthcare projects that improve the quality of care and life for people. The website presents clear information about their mission, supported projects, and application procedures, targeting healthcare organizations and innovators. The foundation appears to have a solid market position within the regional healthcare sector in the Netherlands, with consistent branding and trust indicators such as ANBI status and links to reputable partners like Achmea. Technically, the website is built on Sitecore CMS with Vue.js and jQuery, hosted likely on Microsoft Azure. However, the site suffers from a lack of a valid SSL certificate and does not support modern TLS protocols, which significantly impacts its security posture. Performance is slow, with a high page load time, and some DNS misconfigurations are present. Privacy compliance is basic but present, with privacy and cookie policies available. Contact information is limited to a contact form, with no direct emails or phone numbers found. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

The website pingvp.com currently serves minimal content consisting solely of a JavaScript redirect to https://www.pingvp.com/web/. There is no visible metadata, business information, or user-facing content on the landing page. The domain has valid DNS records including A, MX, and SPF records, indicating basic email and domain configuration. However, the absence of an SSL certificate and HTTPS support is a critical security deficiency. The site lacks privacy, cookie, and terms of service policies, as well as any contact or security-related information. This severely limits trust and compliance posture. Technically, the site runs on an Apache server but does not implement modern security headers or TLS protocols. Overall, the website is in an early or placeholder state with significant gaps in security, privacy, and content quality.

I

Insocial

insocial.nl

0

Insocial is a Dutch-based experience management platform founded in 2012, offering a suite of tools to collect and analyze customer and employee feedback. The company targets businesses aiming to enhance their brand, customer, service, user, and employee experiences through actionable insights and AI-powered analytics. The website is professionally designed, content-rich, and well-structured, leveraging HubSpot CMS and various marketing technologies. However, a critical security gap exists due to the absence of a valid SSL certificate, exposing users to potential risks. Security headers are implemented, but the lack of HTTPS and malformed DNS CAA records significantly weaken the security posture. Privacy compliance is partially addressed with a privacy policy and GDPR alignment, but no cookie consent mechanism is detected. Contact information and social media presence are clearly provided, supporting business credibility. Overall, the site demonstrates a mature business with good digital presence but requires urgent security improvements.

D

De christelijke zorgverzekeraar

prolife.nl

0

De christelijke zorgverzekeraar is a Dutch health insurance provider focused on integrating Christian values with healthcare services. It operates as part of the larger Zilveren Kruis and Achmea insurance group, offering a range of basic and supplementary insurance products, including dental and mental health care. The website targets the Dutch Christian community, providing comprehensive information, online self-help resources, and customer service support. The company maintains a strong market position with positive customer ratings and active social media engagement. Technically, the website uses modern web technologies including jQuery, Vue.js, and Coveo search integrated with Sitecore CMS. The hosting is managed through Brandshelter DNS services. While the site is well-structured and mobile-optimized with good SEO and accessibility basics, it suffers from critical security shortcomings due to the absence of a valid SSL certificate and disabled TLS protocols, which severely impacts its security posture. Security headers are properly configured, and privacy policies are comprehensive and GDPR compliant, reflecting a mature privacy stance. However, the lack of HTTPS and secure SSL/TLS configuration poses significant risks to user data and trust. The site employs extensive analytics and marketing tools, indicating a high level of user tracking and data collection. Overall, the website is professional and credible from a business perspective but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing security configurations to meet industry best practices.

Z

Zorgkantoor Friesland

zorgkantoorfriesland.nl

0

Zorgkantoor Friesland is a regional healthcare office responsible for the execution of the Long-term Care Act (Wlz) in Friesland, Netherlands. The organization provides long-term care advice, manages personal budgets (PGB), and coordinates care providers for consumers in the Friesland region. The website is professionally designed, well-structured, and targets consumers seeking long-term care services. It uses modern technologies including Sitecore CMS, Vue.js, and Coveo search integration, indicating a mature digital infrastructure. However, performance metrics are missing and inferred to be slow, suggesting room for optimization. Security posture is weak due to the absence of a valid SSL certificate and lack of TLS protocol support, which is a critical vulnerability for a healthcare-related site. Privacy policies and cookie policies are present and GDPR compliant, but no explicit consent mechanism is detected. Contact information is clear with a phone number and contact form available, enhancing business credibility. Overall, the site is trustworthy but requires urgent security improvements to protect user data and comply with best practices.

S

Surfly

surfly.com

0

Surfly is a technology company specializing in universal co-browsing software that enables real-time web collaboration without requiring code changes or downloads. The platform targets enterprises across industries such as insurance, banking, healthcare, and e-commerce, offering APIs and integrations with major CRM and contact center software. Surfly positions itself as a market leader with over 3,000 organizations using its services, emphasizing ease of integration, security, and compliance. Technically, the website is built on Webflow CMS, uses modern JavaScript libraries like Swiper.js and jQuery, and is hosted behind Cloudflare CDN. The site is well-designed, mobile-optimized, and includes comprehensive privacy and cookie consent mechanisms. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the security posture. The company demonstrates strong compliance with ISO 27001, SOC, and HIPAA standards, reinforcing trust for enterprise customers. Overall, the website is professional and credible but requires urgent remediation of SSL issues to ensure secure user interactions.

Awin AG operates a global affiliate marketing platform that connects advertisers, publishers, and agencies to facilitate online business growth through affiliate partnerships. The company is positioned as a global leader with a large customer base and extensive publisher network, supported by its parent company Axel Springer Group. The website presents a professional and comprehensive digital presence with clear business offerings and target audiences. Technically, the site uses modern JavaScript frameworks and integrates multiple analytics and marketing tools, hosted on AWS infrastructure with Akamai CDN support. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocol support, which poses risks to user trust and data security. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and credible but requires urgent remediation of SSL issues to improve security and trust.

Outbrain Inc. operates a leading performance marketing platform focused on connecting businesses with engaged audiences through AI-driven content recommendation technology. As a subsidiary of Teads, Outbrain leverages nearly two decades of experience to deliver superior marketing outcomes on the Open Internet. The website presents a professional and well-structured digital presence targeting advertisers and media owners, emphasizing performance, agility, and data-driven results. Technically, the site uses modern web technologies including Google Tag Manager and Wistia for video content, hosted on Fastly CDN infrastructure. However, the security posture is notably weak due to the absence of a valid SSL certificate and lack of TLS protocol support, exposing the site to potential risks and undermining user trust. Privacy and cookie policies are comprehensive and GDPR compliant, but no direct contact information or incident response channels are publicly available. Overall, the site is credible and professionally maintained but requires urgent security improvements to align with best practices.

M

Mopinion

mopinion.com

0

Mopinion is a technology company specializing in real-time user feedback software for websites, apps, and email campaigns. Positioned as a market leader, Mopinion offers AI-powered insights, flexible survey templates, and seamless integrations with popular marketing and analytics tools. The company targets digital enterprises and professionals focused on customer experience, UX, and digital marketing. The website is professionally designed, content-rich, and supports multiple languages, reflecting a mature digital presence. Technically, the website is built on WordPress with modern front-end libraries such as jQuery, SwiperJS, and GSAP. Hosting is provided via AWS infrastructure, and marketing tools like Pardot and Google Tag Manager are integrated. While the site is mobile-optimized and accessible, performance metrics are unavailable. SEO practices are well implemented with comprehensive metadata and structured data. From a security perspective, the site implements several security headers but lacks a valid SSL certificate and HTTPS support, which is a critical vulnerability. No major vulnerabilities or malware indicators were found, but the absence of HTTPS significantly reduces the security posture. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms in place. Contact information is primarily via web forms, with no direct emails or phone numbers publicly listed. Overall, Mopinion presents a trustworthy and professional digital footprint with strong business credibility and marketing sophistication. However, the lack of valid SSL/TLS is a critical security gap that must be addressed to protect user data and maintain trust.