Security Directory

B

BHW Bausparkasse AG

bhw.de

0

BHW Bausparkasse AG is a well-established German financial institution specializing in building savings and home financing products. The company operates a comprehensive website offering detailed information on its products, services, and customer support, targeting private customers interested in real estate financing and savings. The website is built on Adobe Experience Manager and integrates Webtrekk analytics for user tracking and marketing optimization. Security measures include a valid SSL certificate with TLS 1.2 and strong cipher suites, SPF and DMARC email authentication, and multiple domain verification records, although improvements such as enabling HSTS, OCSP stapling, and TLS 1.3 are recommended. The company maintains GDPR-compliant privacy and cookie policies with explicit consent mechanisms. Contact information is clearly provided with phone numbers and contact forms, but no explicit data protection officer contact or security policy page was found. Overall, the website demonstrates a mature digital presence with good usability and trust indicators, supported by strategic partnerships with Deutsche Bank and Postbank.

N

norisbank GmbH

norisbank.de

0

norisbank GmbH is a direct bank subsidiary of Deutsche Bank Gruppe, headquartered in Bonn, Germany. The company offers a range of financial products including credit, checking accounts (Girokonto), savings accounts (Tagesgeld), credit cards, and securities depot services. The website demonstrates a strong market position with multiple awards and certifications, targeting private customers, business clients, students, and youth. The business model focuses on digital banking services with an emphasis on online and mobile banking platforms. Technically, the website is built on Adobe Experience Manager with integrations for Adobe Analytics and Usercentrics for consent management, reflecting a mature digital infrastructure. However, the website currently lacks a valid SSL/TLS certificate, which is a critical security vulnerability. Email security is well configured with SPF and DMARC policies. Privacy and cookie policies are present and GDPR compliant, but no explicit security or incident response policies are found. Overall, the site is professional, trustworthy, and well-optimized for SEO and accessibility, but requires urgent improvements in SSL security to protect user data and maintain trust.

G

Girokonto eröffnen, günstige Kredite, Sparen und Anlegen | Postbank

postbank.de

0

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 27 security findings identified across all modules.

M

maxblue

maxblue.de

0

maxblue is the online brokerage platform of Deutsche Bank AG, offering a comprehensive suite of investment and trading services including securities trading, depot management, and savings plans. The website positions itself as a strong partner for both beginners and professional investors in Germany, providing extensive market data, analysis, and digital tools. Technically, the site is built on Adobe Experience Manager with Angular framework, leveraging modern web technologies and integrating Adobe Launch for marketing and analytics. Security measures include strong TLS 1.2 encryption, SPF and DMARC email policies, and absence of major SSL vulnerabilities, though improvements like enabling HSTS and TLS 1.3 could enhance security further. The site demonstrates good privacy compliance with clear policies and consent mechanisms. Overall, maxblue presents a professional, trustworthy, and well-structured online brokerage service with a solid digital infrastructure.

B

Berenberg

berenberg.com

0

Berenberg is a historic and well-established financial institution founded in 1590, headquartered in Hamburg, Germany, with a strong presence across Europe and the United States. The company offers a comprehensive suite of financial services including investment banking, corporate banking, asset management, and fund management. It is recognized as one of Europe's leading advisors with a large equity research team covering over 800 European companies. The website reflects a mature digital presence with detailed business information, multiple international office locations, and a focus on client service and sustainability. Technically, the website employs modern web technologies such as JavaScript frameworks, SVG graphics, lazy loading, and structured data for SEO. Hosting is on Microsoft Azure with DNS managed by Colt, and the SSL configuration is robust with TLS 1.2 and strong cipher suites. Cookie consent is managed via CookieFirst, ensuring compliance with privacy regulations. However, there is room for improvement in security headers and protocols, such as enabling HSTS, DNSSEC, and TLS 1.3. From a security perspective, the site demonstrates good practices including SPF and DMARC email protections, OCSP stapling, and no detected SSL vulnerabilities. The privacy policy and cookie consent mechanisms are comprehensive and GDPR compliant. No explicit incident response or vulnerability disclosure pages were found, which could be enhanced to improve transparency and security posture. Overall, Berenberg's website and digital infrastructure reflect a high level of professionalism and trustworthiness, supporting its position as a major player in the financial services sector. Strategic improvements in security protocols and transparency could further strengthen its risk management and client confidence.

H

HBL Solutions

hblsolutions.ch

0

HBL Solutions is a Swiss Banking-as-a-Service provider operating under the regulated banking license of Hypothekarbank Lenzburg AG. The company specializes in embedding banking products such as accounts, cards, payments, securities portfolios, and pension plans into the digital customer journeys of partner companies. Their market position is that of a Swiss pioneer in embedded and open finance, supported by a robust banking infrastructure and regulatory compliance. Technically, the website is built on Umbraco CMS with modern JavaScript libraries like Swiper.js and jQuery, and employs Cookiebot for GDPR-compliant cookie consent management. However, the absence of a valid SSL certificate is a critical security gap. The security posture shows strengths in regulatory compliance and consent management but weaknesses in transport security and DNS security features. Overall, the business is well-positioned in the Swiss finance sector with a clear focus on embedded finance, but should urgently address SSL and DNS security to improve trust and compliance.

F

Finstar AG

finstar.ch

0

Finstar AG is a Swiss-based company specializing in integrated IT solutions for private and universal banks as well as fintechs. With over 40 years of experience, the company offers customized and cost-effective banking software and services, positioning itself as a trusted partner in the financial technology sector. Their offerings include a broad range of products and services such as APIs, digital onboarding, and digital asset platforms, supported by a strong ecosystem of partner banks and financial institutions. The company is a subsidiary of Hypothekarbank Lenzburg AG and holds the prestigious 'swiss made software' label, underscoring its commitment to quality and reliability. Technically, the website is built on the Umbraco CMS and leverages modern JavaScript libraries including GSAP and ScrollMagic for enhanced user experience. It integrates Cookiebot for GDPR-compliant cookie consent management and Google Tag Manager for analytics and marketing. However, the website currently lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical security gap. Performance is slow, likely due to the large page size and resource count, but mobile optimization and accessibility are rated good. From a security perspective, the domain has well-configured SPF and DMARC records with a strict reject policy, reducing email spoofing risks. Despite this, the absence of HTTPS and security headers significantly lowers the security posture. No explicit security policy, incident response contacts, or vulnerability disclosure mechanisms were found. The cookie consent mechanism is comprehensive and transparent, supporting GDPR compliance. Overall, Finstar AG presents a professional and trustworthy digital presence with strong business credentials and compliance in privacy and cookie management. The primary risk lies in the lack of HTTPS, which should be addressed urgently to protect user data and maintain trust. Strategic improvements in security infrastructure and transparency around security policies would enhance the company's risk profile and customer confidence.

H

Hypothekarbank Lenzburg AG

hblasset.ch

0

HBL Asset Management, a brand of Hypothekarbank Lenzburg AG, operates a professional asset management and investment product platform targeting private investors primarily in Switzerland. The website offers financial market news, investment insights, and profiling tools to support investor decision-making. Technically, the site is built on the Umbraco CMS and integrates several modern web technologies including Google Analytics, Cookiebot for GDPR-compliant cookie consent, and Google Tag Manager. However, the site lacks HTTPS encryption, which is a critical security deficiency. While cookie consent and privacy policies are well implemented, the absence of SSL/TLS and security headers exposes users to risks. The company maintains a strong digital presence with social media integration and clear contact information, but should urgently address security gaps to protect user data and enhance trust.

S

SCHUFA

schufa.de

0

SCHUFA is a major German credit bureau specializing in credit scoring and risk assessment services for consumers and businesses. The website is currently protected by a FriendlyCaptcha challenge, indicating active bot mitigation measures. However, the site lacks visible privacy, cookie, or terms of service policies on the captcha landing page, and no direct contact information is provided. The DNS configuration shows strong email authentication with SPF and DMARC policies, but the SSL/TLS configuration is critically lacking, with no valid certificate or secure protocols enabled. This presents a significant security risk for users and the business. The technical infrastructure relies on external captcha services and is hosted via United Domains nameservers. Performance is moderate but user experience and content quality are poor due to the captcha gate and lack of accessible content.

D

DKB AG

dkb-bank.de

0

DKB AG is a large German direct bank focused on sustainable banking services including checking accounts, loans, investments, and renewable energy financing. It holds a strong market position as one of the top 20 banks in Germany by balance sheet size and is recognized for its sustainability leadership with ISS ESG Prime-Status. The website is built on modern web technologies including Nuxt.js and Contentful CMS, offering excellent mobile optimization and user experience. However, the SSL configuration is currently misconfigured with a self-signed certificate and no supported TLS protocols, representing a significant security risk. Security headers are present but could be enhanced with better SSL/TLS setup and HSTS configuration. Overall, the bank demonstrates strong trust indicators and compliance with GDPR and cookie policies, supported by comprehensive privacy and terms of service documentation.

D

DKB Grund GmbH

dkb-grund.de

0

DKB Grund GmbH is a German real estate company specializing in property sales, financing, insurance, and investment services. With over 25 years of experience, it serves private and commercial clients across Germany. The website presents a comprehensive portfolio of services including property valuation, financing certificates, and energy-saving advice, supported by a strong regional presence and recognized industry partnerships. Technically, the site uses modern web technologies and analytics tools but currently lacks a valid SSL certificate, which impacts its security posture. The company demonstrates good GDPR compliance with a clear privacy and cookie policy and employs consent management tools. However, there is no explicit security policy or incident response information available. Overall, the website is professionally designed, user-friendly, and trustworthy, but the lack of HTTPS is a critical security gap that should be addressed promptly.

A

ABIMÓVEL

brazilianfurniture.org.br

0

Brazilian Furniture is a project supported by ABIMÓVEL and Apex-Brasil focused on promoting the Brazilian furniture manufacturing sector and design industry. The website serves as a platform for industry news, events, and export promotion, targeting furniture professionals, designers, and international buyers. The site demonstrates a moderate level of digital maturity with use of common web technologies and marketing tools but suffers from significant security shortcomings, including an invalid SSL certificate and lack of security headers. The absence of privacy and cookie policies indicates compliance gaps. Overall, the business is well positioned within its sector but should improve its digital security and compliance posture to enhance trust and protect user data.

F

Finance Forward

financefwd.com

0

Finance Forward operates as a leading German-language online media platform specializing in new finance topics such as fintech, blockchain, and banking. The website offers a comprehensive range of services including news articles, podcasts, newsletters, and event information, targeting professionals and enthusiasts in the finance sector. The business model is centered on digital content delivery with monetization through advertising and partnerships. The company maintains a strong market position as a trusted source for fintech and finance news in Germany, supported by consistent branding and high-quality content.

S

Saulės spektras, UAB

auto.lt

0

Auto.lt is a Lithuanian online business directory specializing in automotive-related companies and services. It offers comprehensive search capabilities, user reviews, expert advice, job listings, and map-based navigation to serve both businesses and consumers in Lithuania's automotive sector. The platform is operated by Saulės spektras, UAB, positioning itself as a key local player with a consistent brand and good content quality. Technically, the website uses modern JavaScript libraries, Google Analytics, and a custom CMS hosted by Hostex. While the site supports TLS 1.2 with strong cipher suites and has valid SPF and DMARC records, it lacks DNSSEC, HSTS, and OCSP stapling, which are recommended for enhanced security. The cookie and privacy policies are comprehensive and GDPR compliant, with active consent mechanisms. Performance is moderate to slow due to large page size and resource count, but mobile optimization and SEO are well addressed. Overall, the site demonstrates a solid digital presence with room for security and performance improvements.

S

Saulės spektras, UAB

turizmas.lt

0

Turizmas.lt is a Lithuanian tourism portal operated by Saulės spektras, UAB, providing a comprehensive directory of travel-related services including accommodation, rural tourism, travel agencies, and leisure activities. The platform targets both local and international tourists seeking detailed information and booking options within Lithuania. The website demonstrates a solid market position as a national tourism information hub with a medium-sized business model based on listings and advertising revenue. Technically, the site uses a modern but somewhat traditional tech stack including Google Analytics, Bootstrap, and CKEditor, hosted by Hostex.lt. Performance is moderate with good mobile optimization and SEO practices. Security-wise, the site employs a valid SSL certificate with strong cipher suites but lacks advanced DNS security features such as DNSSEC and CAA records. Cookie and privacy policies are comprehensive and GDPR compliant, with a consent mechanism implemented. However, there is no visible terms of service or incident response policy. Overall, the site is professional, trustworthy, and well-branded, but could improve security posture and transparency in some areas.

S

Saulės spektras, UAB

medicina.lt

0

Medicina.lt is a Lithuanian healthcare information portal operated by Saulės spektras, UAB, providing a comprehensive directory of medical institutions, pharmacies, medical equipment suppliers, and expert advice. The site targets Lithuanian healthcare consumers seeking medical services, products, and professional guidance. It holds a strong market position as a trusted source for healthcare-related information with multilingual support and user engagement features such as reviews and Q&A with experts. Technically, the site uses a custom CMS with JavaScript libraries, Google Analytics, and Google Maps API, hosted by Hostex. Performance is moderate with good mobile optimization and SEO practices. However, the security posture is weak due to an invalid SSL certificate and lack of HTTPS, no DNSSEC, and missing security headers, which poses risks to user data confidentiality and trust. Privacy and cookie policies are comprehensive and GDPR compliant, with explicit consent mechanisms implemented. Overall, Medicina.lt is a well-established healthcare portal with room for critical security improvements to protect users and enhance trust.

S

Saulės spektras, UAB

statyba.lt

0

Statyba.lt is a comprehensive Lithuanian online business directory specializing in the construction sector, offering company listings, expert advice, job postings, and industry articles. Operated by Saulės spektras, UAB, it serves as a key platform for connecting construction-related businesses and consumers in Lithuania. The website demonstrates a solid market position with a broad range of services and active content updates. Technically, the site uses modern JavaScript frameworks, Google Analytics, and Google Fonts, hosted by Hostex, but suffers from slow load times due to large page size and resource count. Security-wise, it employs TLS 1.2 with strong cipher suites but lacks TLS 1.3, HSTS, OCSP stapling, and DNSSEC, which are recommended for enhanced security. Privacy and cookie policies are comprehensive and GDPR compliant, with clear user consent mechanisms. Overall, the site is professional, trustworthy, and well-optimized for SEO and mobile use, though performance improvements are advisable.

P

PMHinvestments

pmhinvestments.com

0

PMH Investments is a Dutch investment company focused on small and medium-sized enterprises with strong growth potential (scale-ups). The company positions itself as an active investor providing not only capital but also strategic, financial, and coaching support to entrepreneurs. Their market niche is well-defined within the Dutch finance sector, targeting growing businesses. The website is built on WordPress with a solid SEO foundation and multilingual support, indicating a moderate level of digital maturity. However, the technical infrastructure shows weaknesses in security, notably the absence of a valid SSL certificate and lack of modern TLS protocols, which undermines user trust and data protection. Tracking and analytics are implemented via Google Tag Manager and WPMU DEV Analytics, but no cookie consent mechanism is present, which may raise compliance concerns. Overall, the security posture is basic with significant room for improvement, especially in SSL/TLS configuration and email security policies. Strategic recommendations include securing the website with a valid SSL certificate, implementing DMARC, and enhancing transparency around privacy and security policies.

S

SoftBank Group Corp.

softbank.com

0

SoftBank Group Corp. is a leading multinational holding company specializing in technology investments and telecommunications. The company operates significant investment funds such as the SoftBank Vision Fund and Latin America Fund, focusing on AI and breakthrough technologies to drive sustainable growth. The website reflects a mature digital presence with comprehensive investor relations, sustainability initiatives, and corporate governance information. Technically, the site uses modern frameworks like Next.js and React, hosted likely on AWS infrastructure, with integrations for analytics and performance monitoring. However, the current SSL/TLS configuration is invalid, posing a critical security risk that undermines user trust and data protection. The site employs cookie consent mechanisms and maintains GDPR-compliant privacy and cookie policies. Overall, SoftBank's digital footprint is professional and content-rich but requires urgent security improvements to align with best practices.

N

Nomupay

nomupay.com

0

Nomupay is a payment solutions provider offering a comprehensive suite of services including global acquiring, online payments, payouts, and fraud prevention tools. Positioned as a global payment platform with local licenses and extensive payment method coverage, Nomupay targets businesses seeking seamless and scalable payment processing solutions. The website demonstrates a mature digital presence with WordPress CMS, Oxygen Builder, and multilingual support via TranslatePress. Integration of Google Analytics, Tag Manager, and LinkedIn Insight indicates moderate user tracking and marketing sophistication. However, the absence of a valid SSL certificate and lack of TLS support represent significant security vulnerabilities that undermine user trust and data protection. While privacy and cookie policies are present and GDPR compliant, the site lacks explicit security and incident response documentation. Overall, Nomupay presents a professional and trustworthy brand but requires urgent security improvements to safeguard its digital assets and customer data.

P

Plataforma Brasil Exportação

brasilexportacao.com.br

0

Plataforma Brasil Exportação is a comprehensive online platform operated by Apex Brasil, serving as the largest community for foreign trade in Brazil. It offers a wide range of services including logistics, financial solutions, business opportunities, export training courses, market studies, and event calendars, targeting Brazilian companies aiming to expand their export capabilities. The platform leverages modern web technologies such as WordPress, WooCommerce, Elementor, and Algolia Search to deliver a rich user experience, although its performance is currently hindered by slow load times and a lack of SSL/TLS encryption. Security posture is weak due to the absence of valid SSL certificates and essential security headers, exposing the platform to potential risks. Despite these vulnerabilities, the platform demonstrates good SEO practices and maintains a strong social media presence, enhancing its market position. Strategic improvements in security and performance are recommended to safeguard user data and improve trust.

A

ApexBrasil

investinbrasil.com.br

0

ApexBrasil operates as the Brazilian government's official trade and investment promotion agency, providing comprehensive support and information to international investors interested in Brazil. The website serves as a detailed portal showcasing Brazil's economic strengths, key investment sectors, and regional opportunities, positioning ApexBrasil as a critical facilitator for foreign direct investment. Technically, the site is built on Adobe Experience Manager, leveraging Adobe's marketing and analytics tools, but suffers from critical SSL/TLS misconfigurations that undermine its security posture. While security headers are partially implemented, the absence of a valid SSL certificate and modern TLS protocols presents significant risks. Contact information is clearly presented with official emails and physical addresses, enhancing trust. However, the lack of visible privacy, cookie, and terms of service policies indicates compliance gaps. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and maintain credibility.

I

Invalid Dynamic Link

tcssistemas.com

0

The website at tcssistemas.com currently serves an error page indicating an invalid dynamic link, with no substantive business or contact information presented. The domain is registered and uses Azure DNS hosting, but the SSL configuration is severely lacking, with no valid certificate or secure protocols enabled. There is no evidence of privacy, cookie, or terms of service policies, nor any contact or security policies. The site lacks any metadata, structured data, or scripts that would indicate a mature digital presence. Overall, the website appears non-operational or misconfigured, providing no meaningful content or business insight. The security posture is weak due to missing SSL and security headers, exposing visitors to potential risks. Performance is slow despite minimal content, and no mobile or SEO optimizations are evident.

O

Orchestra Brasil

orchestrabrasil.com.br

0

Orchestra Brasil is a Brazilian project focused on promoting and supporting the internationalization of suppliers in the furniture manufacturing industry. It acts as a bridge between Brazilian suppliers and global markets, facilitating export activities and participation in major international trade fairs. The project is well-established with over a decade of experience and supports nearly 100 qualified Brazilian companies exporting to more than 90 countries. The website serves importers, manufacturers, distributors, and retailers in the furniture sector, providing information and contact channels to engage with Brazilian suppliers. Technically, the website is built on WordPress and leverages common plugins such as Contact Form 7, Yoast SEO, and GDPR compliance tools. It uses Google Analytics and Facebook Pixel for tracking and marketing automation via Mautic. The hosting provider is KingHost, and the SSL certificate is valid but lacks advanced security configurations like HSTS and security headers. Performance is relatively slow due to a large page size and many resources, but mobile optimization and SEO are adequately addressed. From a security perspective, the site implements basic protections including SSL and invisible reCAPTCHA on forms, along with a cookie consent mechanism aligned with GDPR requirements. However, it lacks explicit privacy policies, terms of service, security policies, and incident response information. No vulnerability disclosure or security.txt files were found. The overall security posture is moderate but could be improved with enhanced HTTP headers, DNSSEC, and published security documentation. Overall, Orchestra Brasil presents a professional and consistent online presence supporting Brazilian furniture industry exporters. Strategic improvements in security and compliance documentation would enhance trust and reduce risk exposure.

P

Prêmio Salão Design

salaodesign.com.br

0

Prêmio Salão Design operates a Brazilian-focused design award platform that integrates designers and industries through contests, virtual catalogs, and galleries. The website is built on WordPress with a mature technical stack including SEO optimization and multiple marketing and analytics tools. However, the site lacks a valid SSL certificate, which poses a significant security risk to users. While cookie consent mechanisms are implemented, no explicit privacy policy or terms of service pages were found, indicating compliance gaps. The site maintains partnerships with multiple industry organizations and sponsors, reflecting a solid market presence in the design sector.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 10 security findings identified across all modules.

C

Confederação Nacional da Indústria (CNI)

portaldaindustria.com.br

0

The Portal da Indústria website serves as a comprehensive digital platform representing the Confederação Nacional da Indústria (CNI) and its associated institutions SESI, SENAI, and IEL. It provides industry news, educational resources, statistical data, and compliance information targeted primarily at the Brazilian industrial sector and related stakeholders. The site demonstrates consistent branding and a broad content offering that supports its position as a leading industry portal in Brazil. Technically, the site leverages modern JavaScript libraries and is hosted on Microsoft Azure, but suffers from critical security shortcomings including an invalid SSL certificate and lack of HTTPS enforcement. The presence of cookie consent mechanisms and privacy policy pages indicates some compliance awareness, though GDPR compliance is uncertain. Overall, the site offers good user experience and content relevance but requires urgent security improvements to protect user data and enhance trust.

D

DataSebrae

datasebrae.com.br

0

DataSebrae is a Brazilian government-affiliated platform focused on providing data intelligence and research to support micro and small businesses. It offers a variety of studies, thematic research, and infographics to help entrepreneurs and policymakers make informed decisions. The platform is linked to Sebrae, a well-known Brazilian institution supporting small businesses, which strengthens its market position and trustworthiness. Technically, the website is built on WordPress using Bootstrap and jQuery, with integrations for Google Analytics, Google Tag Manager, and Mailchimp for marketing and analytics. However, the site suffers from an invalid SSL certificate, no advanced security headers, and lacks DNSSEC, which poses security risks. The site is moderately optimized for mobile and accessibility but has slow load times. No explicit privacy, cookie, or terms of service policies were found, indicating compliance gaps. Overall, the platform serves as a valuable resource for its target audience but requires significant improvements in security and compliance to protect users and data.

D

Deen - Agência de Marketing Digital

deen.com.br

0

Deen - Agência de Marketing Digital is a small Brazilian digital marketing agency specializing in branding, social media, and website development services. The company targets businesses seeking to enhance their digital presence, primarily within Brazil. The website highlights notable clients and awards, positioning Deen as a recognized player in the digital marketing sector. Technically, the website employs multiple marketing and analytics tools such as Google Analytics, Hotjar, LinkedIn Insight Tag, and Jivochat, indicating a moderate level of digital maturity. However, the site suffers from significant security shortcomings, including an invalid SSL certificate, lack of HTTPS enforcement, and absence of essential security headers and DNS security features. These issues expose the site and its visitors to potential risks and undermine trust. Overall, while the business demonstrates good branding and content quality, the technical and security posture requires urgent improvement to align with industry best practices and regulatory compliance.

S

Short&Sweet Marketing

shortandsweet.com.br

0

Short&Sweet Marketing is a Brazilian digital marketing agency specializing in data-driven performance marketing, including SEO, inbound marketing, PPC, and lead generation. Positioned as an RD Station Silver Partner, the company demonstrates a strong market presence with over 15 years of experience and a portfolio of successful client case studies. The website reflects a professional and consistent brand image targeting businesses seeking to enhance their digital sales channels. Technically, the site is built on modern frameworks such as React and Next.js, utilizing Material-UI for UI components, and integrates various marketing and analytics tools including Google Analytics, Google Tag Manager, and reCAPTCHA for security. However, the absence of a valid SSL certificate and lack of HTTPS support represent significant security weaknesses. The site implements basic email security measures like SPF and DMARC but lacks advanced security headers and practices. Overall, the digital infrastructure supports the business model but requires urgent improvements in security to protect data and enhance user trust.

R

RBA +

rba.com.br

0

Security assessment completed with an overall score of 50/100 (unknown risk). 12 high-priority issues should be addressed promptly. Total of 25 security findings identified across all modules.

F

FoccoLOJAS

foccolojas.com.br

0

FoccoLOJAS is a specialized software-as-a-service platform focused on providing comprehensive management solutions for furniture retail stores in Brazil. The company offers a 100% web-based system that integrates all store processes from customer entry to product delivery, aiming to increase sales efficiency and profitability. Their key services include sales management, budgeting and negotiation tools, client portfolio management, mobile applications for remote management, and business intelligence analytics. The business is positioned as a trusted partner for over 2,000 furniture stores nationwide, supported by a strong brand presence and customer testimonials. Technically, the website is built on WordPress with the Elementor framework, utilizing a variety of modern web technologies and third-party integrations such as Cloudflare for DNS and CDN services, Cookiebot for cookie consent management, and multiple analytics and marketing tools including Google Analytics, Hotjar, and Microsoft Application Insights. Despite a rich technology stack, the website suffers from performance issues due to a large number of resources and lacks a valid SSL certificate, which impacts security and user trust. From a security perspective, the site has implemented SPF for email protection but lacks DMARC, DNSSEC, and CAA records, and does not have a valid SSL certificate or HSTS enabled. The extensive use of third-party tracking and marketing scripts indicates a high level of user data collection, though managed through Cookiebot's consent mechanism. No explicit security policy, incident response, or data protection officer information is found, indicating potential gaps in formal security governance. Overall, FoccoLOJAS presents a mature business with a specialized market focus and a comprehensive digital presence. However, its security posture requires significant improvements, particularly in SSL/TLS configuration and formal security policies, to enhance trust and compliance. Performance optimization and clearer contact information would also benefit user experience and credibility.

S

sysmkt.com.br is almost here!

sysmkt.com.br

0

The website sysmkt.com.br currently serves as a placeholder page hosted by DreamHost, indicating that the domain owner has not yet uploaded any website content. There is no business information, contact details, or services described on the site. The technical infrastructure is minimal, relying on DreamHost's hosting and CloudFront CDN for static content delivery. Performance is poor with a high load time relative to the minimal content served. Security posture is weak, as no SSL/TLS certificate is installed, resulting in no HTTPS support and lack of essential security headers or policies. DNS configuration is standard with valid SPF records but lacks DNSSEC and DMARC, which are important for email and domain security. Overall, the site is not production-ready and lacks any compliance or security documentation.

M

Mktnow

mktnow.com.br

0

Mktnow is a Brazilian digital marketing agency specializing in performance-driven advertising and e-commerce solutions, with a strong focus on the VTEX platform. The company offers a comprehensive suite of services including campaign management, design, development, email marketing, social media, and marketplace integration. Positioned as a medium-sized agency, Mktnow leverages partnerships with major platforms such as Google, Facebook, and HubSpot to deliver measurable results for clients. Technically, the website infrastructure is supported by Cloudflare DNS and uses multiple modern marketing and analytics tools, though performance optimization could be improved given the slow load times and large page size. Security posture is basic with a valid SSL certificate but lacks advanced protections such as HSTS, DNSSEC, and DMARC, which are recommended to enhance trust and email security. The site employs extensive user tracking via multiple analytics and marketing scripts, balanced by a cookie consent mechanism. Overall, Mktnow demonstrates a solid digital presence and marketing maturity but should address security and privacy policy gaps to strengthen compliance and user trust.

C

Contentserv

contentserv.com

0

Contentserv is an enterprise-level technology company specializing in AI-powered Product Experience Management (PXM) cloud solutions. Recently acquired by Centric Software, Contentserv offers a comprehensive suite of services including Product Information Management, Digital Asset Management, and Multichannel Publishing, targeting marketers, product teams, and IT professionals. The website is built on HubSpot CMS and integrates multiple marketing and analytics tools, demonstrating a mature digital infrastructure. However, the current SSL/TLS configuration is invalid, posing a significant security risk. While privacy and cookie policies are present and GDPR compliant, there is no explicit security policy or incident response information publicly available. Overall, the company maintains a strong market position with excellent branding and content quality but should urgently address its SSL/TLS issues and enhance transparency around security practices.

S

Spryker Systems GmbH

spryker.com

0

Spryker Systems GmbH operates a leading digital commerce platform tailored for enterprise B2B, B2C, and marketplace solutions. Recognized as a leader by Gartner and IDC, Spryker offers a modular, cloud-capable commerce stack that supports diverse business models and sophisticated commerce needs. The company targets enterprise clients seeking scalable and extensible commerce technology with a strong partner ecosystem. Technically, the website is built on WordPress with integrations including HubSpot, Google Analytics, and Cloudflare for hosting and DNS. While the site demonstrates good SEO and content quality, performance is slow with a high load time and large page size. Mobile optimization is good, but accessibility could be improved. From a security perspective, Spryker has implemented SPF and DMARC DNS records, indicating attention to email security and domain protection. However, the SSL certificate is invalid or missing, and no TLS protocols are enabled, which is a critical security concern. Other best practices like HSTS, DNSSEC, and OCSP stapling are not implemented, reducing the overall security posture. Overall, Spryker presents a strong market position and business model but should urgently address its SSL/TLS configuration and enhance security headers to protect its digital assets and customer trust. The website's comprehensive privacy and cookie policies, along with consent mechanisms, reflect good compliance with GDPR requirements.

S

Sylius

sylius.com

0

Sylius is a leading open source headless eCommerce platform targeting mid-market and enterprise brands requiring custom solutions. It leverages modern development practices and Symfony framework to provide a highly customizable and scalable platform. The company maintains a strong community with over 650 contributors and 7000+ merchants using its solutions. Technically, the website is built on WordPress with integrations of modern tools like API Platform, Docker, Kubernetes, and various analytics and marketing services. Security posture is good with valid SSL, SPF, and DMARC records, though improvements like enabling HSTS and DNSSEC are recommended. The site demonstrates extensive tracking and marketing activities, balanced with privacy compliance mechanisms. Overall, Sylius presents a professional, trustworthy, and technically mature digital presence.

S

SecureServer

secureserver.net

0

SecureServer.net operates as a comprehensive web services provider specializing in domain registration, hosting, website building, email, SSL certificates, and website security solutions. The company targets a broad audience including businesses, resellers, and individual customers, offering a reseller program and multi-market support. Their market position is that of an established enterprise-level provider with a global footprint and a focus on reseller sales. The website content and structure reflect a professional and consistent brand with good quality content and user experience.

S

Sendcloud

sendcloud.dev

0

Sendcloud is a technology company specializing in shipping automation and logistics integration through a developer-focused API platform. Their developer portal provides comprehensive API documentation and supports integration with over 50 platforms and 80 carriers, positioning them as a significant player in the e-commerce shipping technology sector. The website targets developers and businesses looking to streamline shipping processes via API integrations. Technically, the site is built using the Hugo static site generator, hosted on AWS infrastructure, and employs modern TLS protocols with a wildcard SSL certificate. Performance is moderate with good mobile optimization and basic SEO and accessibility features. Security posture is solid with no known SSL vulnerabilities and support for TLS 1.3, but lacks advanced security headers, HSTS, DMARC, and OCSP stapling. The site includes a cookie consent mechanism and links to a privacy policy but lacks visible terms of service, security policy, or incident response information. Overall, the site demonstrates a good level of professionalism and trustworthiness but could improve security and compliance transparency.

G

group.one

jobs.one

0

group.one is a large technology company operating primarily in the DACH region, providing a broad range of IT services including domain registration, web hosting, cloud servers, digital marketing, and SaaS solutions. The company supports over 1,300 employees and serves more than one million customers through multiple brands. Their market position is strong with a diversified portfolio of partner brands and a focus on customer success and team development. Technically, the website uses modern web technologies including a Teamtailor recruitment widget and a consent management platform, but lacks a valid SSL certificate and several security best practices, which impacts the overall security posture. The cookie consent mechanism and privacy notice indicate good GDPR compliance, but the absence of security policies and incident response information suggests room for improvement in security governance. Overall, the website is professionally designed with good user experience and trust indicators, but the technical security gaps present a moderate risk that should be addressed.

P

Profihost GmbH

profihost-status.com

0

Profihost GmbH operates a status page providing real-time and historical operational information for its cloud and hosting services. The company targets its customers and subscribers who require transparency on service availability. The website leverages the Hund.io platform for status management and is hosted by Dogado GmbH. The technical infrastructure includes standard web fonts, cookie consent mechanisms, and Google Analytics for tracking. However, the website lacks a valid SSL certificate and modern TLS support, which poses security risks. Privacy policies and terms of service are linked but hosted externally, with GDPR compliance noted but not fully ensured. Overall, the site demonstrates moderate digital maturity but requires significant security improvements.

K

KAMP Netzwerkdienste GmbH

kamp.de

0

KAMP Netzwerkdienste GmbH is a medium-sized German IT service provider specializing in colocation, cloud services, and data center operations. The company holds multiple ISO certifications including ISO 27001 and ISO 14001, positioning itself as a trusted and certified provider in the German market, particularly in the Ruhr region. Their offerings include server housing, private server rooms, cloud-based virtual data centers, and specialized health-care IT services, targeting businesses requiring secure and flexible IT infrastructure solutions. The company enjoys a strong market position, recognized by industry awards and analyst reports such as ISG Provider Lens. Technically, the website is built on TYPO3 CMS with Bootstrap framework, employing modern web technologies and a cookie consent mechanism compliant with GDPR. Performance is moderate with good mobile optimization and SEO practices. Security posture is solid with strong TLS 1.2 configuration and no known vulnerabilities, though improvements are recommended in email authentication (DMARC), DNS security (DNSSEC), and HTTPS hardening (HSTS). Overall, KAMP demonstrates a mature digital presence aligned with its business focus on secure and certified IT infrastructure services.

A

AGIQON GmbH

agiqon-shopware.de

0

AGIQON GmbH is a specialized full-service Shopware agency based in Germany, focusing on B2B and medium-sized enterprises. They hold a strong market position as a Shopware Platinum Partner with extensive certifications and a portfolio of over 200 projects and 100 custom plugins. Their services encompass strategic consulting, technical implementation, and ongoing support for Shopware 6 e-commerce platforms. Technically, the website is built on HubSpot CMS with integrations for marketing and analytics tools such as Google Tag Manager and Facebook Pixel. However, the site currently suffers from critical security shortcomings including an invalid SSL certificate, lack of modern TLS protocols, and missing DNS security features like DNSSEC and DMARC. Despite these issues, the site demonstrates good privacy compliance with GDPR-aligned cookie consent mechanisms and a comprehensive privacy policy. The overall digital maturity is moderate with room for improvement in security and performance.

W

Webmatch

webmatch.de

0

Webmatch is a Cologne-based e-commerce agency with over 15 years of experience, specializing in tailored e-commerce strategies and platform implementations for B2C, D2C, and B2B clients. The company holds a strong market position as a Shopware Gold Partner and a trusted partner for major clients such as Toyota, TAMRON, ADAC, and Wolters Kluwer. Their service portfolio includes business consulting, UX & design, tech development, growth & engagement, and data management. Technically, Webmatch leverages modern technologies including Shopware, commercetools, Algolia, and Storyblok, hosted on specialized platforms like maxcluster, and employs best practices in web performance and accessibility. Security-wise, the website uses strong TLS configurations and SPF/DMARC email protections but lacks DNSSEC, CAA records, and HSTS enforcement. Cookie consent is managed via Usercentrics, ensuring GDPR compliance. Overall, Webmatch demonstrates a mature digital infrastructure with a professional and trustworthy online presence.

I

IFRS Foundation

ifrs.org

0

The IFRS Foundation is a globally recognized non-profit organization dedicated to developing and promoting international accounting and sustainability disclosure standards. It operates through two main boards, the IASB and ISSB, serving a diverse audience including academics, investors, regulators, and preparers. The Foundation maintains a strong market position with adoption in over 140 jurisdictions and offers licensing, digital subscriptions, and professional credentials as part of its service portfolio. Technically, the website is built on Adobe Experience Manager, hosted on Microsoft Azure, and integrates modern analytics and user experience tools such as Adobe Analytics, Google Tag Manager, and Hotjar. The site demonstrates good performance and accessibility standards with a comprehensive cookie consent mechanism and privacy policy aligned with GDPR requirements. Security posture is solid with modern TLS protocols, valid SPF and DMARC records, and OCSP stapling, though improvements are recommended in DNS security and email policy enforcement. Overall, the IFRS Foundation website reflects a mature digital presence with high-quality content, consistent branding, and robust trust indicators.

R

RegioHelden GmbH

stroeer-online-marketing.de

0

RegioHelden GmbH, operating under the brand Ströer Online Marketing, is a large German media company specializing in local and measurable online marketing services for small and medium-sized enterprises. They hold a strong market position as one of the largest providers in Germany, offering a broad portfolio including Google Ads, SEO, directory listings, website creation, and social media advertising. Their digital presence is supported by a modern WordPress-based infrastructure with integrated analytics and consent management tools, reflecting a mature digital marketing operation. Security-wise, the company employs good SSL configurations, DNS security records like SPF and DMARC, and a comprehensive cookie consent mechanism, although there is room for improvement in HTTP security headers and vulnerability disclosure practices. Overall, the company demonstrates a high level of professionalism and trustworthiness, with clear contact channels and strong branding.

S

Ströer X GmbH

stroeer-x.de

0

Ströer X GmbH is a large German-based outsourcing partner specializing in dialog marketing, sales, and customer experience services. As part of the Ströer Group, it leverages the strength of a major corporation combined with the agility of a mid-sized service provider. The company offers a broad portfolio including customer service, digital transformation, social media management, and value-added services such as chat software and AI automation. Their market position is strong within media and related sectors, serving clients across multiple industries including e-commerce, energy, financial services, telecommunications, and tourism. Technically, the website is built on TYPO3 CMS and integrates modern marketing and analytics tools like Google Tag Manager, TikTok Pixel, and HubSpot forms, with GDPR-compliant cookie consent managed by Cookiebot. However, the site currently lacks a valid SSL certificate and modern TLS support, which is a critical security concern. Security policies such as SPF and DMARC are properly configured, but DNSSEC and other advanced DNS security measures are absent. Overall, the company demonstrates good digital maturity but needs to address fundamental security gaps to protect user data and maintain trust.

E

Edgar Ambient Media Group GmbH

edgar.de

0

Edgar Ambient Media Group GmbH is a leading German media company specializing in integrated digital and analog advertising solutions across high-traffic indoor urban touchpoints. With over 60,000 advertising carriers, the company holds a strong market position as a premier provider of DOOH, Ambient, and Live Media campaigns. Their business model focuses on authentic communication solutions for advertisers targeting urban audiences. Technically, the website is built on Webflow with modern JavaScript libraries for animation and smooth user experience, supported by a managed hosting provider. However, the current SSL/TLS configuration is invalid, which poses a significant security risk despite the presence of HSTS and email authentication records. The company demonstrates good privacy compliance with GDPR-aligned policies and consent mechanisms. Overall, Edgar Ambient Media Group GmbH presents a professional and trustworthy digital presence with room for critical security improvements.

S

Ströer Media Deutschland GmbH

stroeer-direkt.de

0

Ströer Media Deutschland GmbH operates as a leading regional online and outdoor advertising provider in Germany, offering a broad portfolio of advertising media including street, station, shopping center, and airport placements, as well as digital marketing services such as Google Ads, SEO, and native advertising. The company holds a strong market position as a major German advertising marketer with exclusive media spaces across cities and municipalities. Technically, the website is built on WordPress with a custom theme and plugins, leveraging Matomo for privacy-conscious analytics and Klaro for cookie consent management. However, the site lacks a valid SSL certificate and modern TLS configurations, which poses a significant security risk. The DNS setup uses Cloudflare but does not implement DNSSEC or CAA records, further limiting DNS security. While privacy compliance is well addressed through cookie consent and a comprehensive privacy policy, the absence of terms of service, security policies, and incident response information indicates gaps in transparency and security governance. Overall, the website demonstrates good content quality, user experience, and branding consistency but requires urgent improvements in transport security and security headers to protect user data and enhance trust.

S

Ströer SE & Co. KGaA

stroeer.com

0

Ströer SE & Co. KGaA is a leading German media company specializing in Out-of-Home (OOH) advertising, digital advertising, dialog marketing, and e-commerce services. Listed on the MDAX, Ströer holds a strong market position in Germany with a comprehensive portfolio of advertising solutions supported by subsidiaries and partner companies. The company emphasizes sustainability and diversity, aiming for CO2 neutrality by 2025 and fostering an inclusive work environment. Technically, the website is built on TYPO3 CMS with modern frontend technologies like Alpine.js and uses Cloudflare for DNS and CDN services. Analytics are managed via Matomo, and cookie consent is handled by Cookiebot, ensuring GDPR compliance. Security posture is solid with valid SSL certificates, SPF and DMARC records, but lacks advanced DNS security features like DNSSEC and CAA records. The site does not currently publish a security policy or incident response plan publicly. Overall, the website demonstrates a professional, trustworthy, and well-maintained digital presence aligned with business goals and regulatory requirements.