Security Directory

A

ApexBrasil

apexbrasil.com.br

0

ApexBrasil is a Brazilian government agency dedicated to promoting Brazilian exports and attracting foreign investments across multiple sectors including energy, agribusiness, infrastructure, and innovation. The website reflects a mature digital presence with comprehensive content targeting Brazilian exporters, foreign investors, and companies seeking international expansion. The agency leverages advanced technologies such as Adobe Experience Manager CMS, multiple analytics and marketing tools, and strong SSL configurations to deliver a professional and trustworthy user experience. Security posture is solid with modern TLS protocols and SPF/DMARC email protections, though improvements are recommended in DNSSEC deployment, HSTS enforcement, and explicit security policies. The site demonstrates good compliance with privacy regulations including LGPD and GDPR through cookie consent mechanisms and privacy policies. Overall, ApexBrasil's digital infrastructure supports its mission effectively while maintaining a high level of professionalism and trust.

A

ABIMÓVEL - Associação Brasileira das Indústrias do Mobiliário

abimovel.com

0

ABIMÓVEL is a Brazilian industry association focused on representing and supporting the furniture manufacturing sector. The organization promotes export initiatives, sustainability programs, design integration, and regulatory compliance education to enhance the competitiveness of its members. The website serves as a portal for industry news, projects, and resources, targeting furniture manufacturers, designers, and exporters primarily in Brazil but with international outreach. Technically, the website is built on WordPress with Elementor and various Jet plugins, hosted on Locaweb infrastructure. However, the site lacks a valid SSL certificate and modern TLS support, which undermines its security posture. There are no visible privacy or cookie policies, and no formal security or incident response policies are published. Social media presence and contact forms indicate active engagement and data collection, but privacy compliance appears minimal. Overall, the site is professionally designed but requires significant security and compliance improvements to meet modern standards.

M

MOVERGS - Associação das Indústrias de Móveis do Estado do RS

movergs.com.br

0

MOVERGS is a regional industry association focused on supporting and strengthening the furniture manufacturing sector in Rio Grande do Sul, Brazil. The organization provides member benefits, industry representation, event coordination, and sector data to its target audience of furniture manufacturers and related stakeholders. The website reflects a medium-sized organization with a solid regional presence and partnerships with recognized industry and governmental entities. Technically, the website uses a legacy technology stack including jQuery 1.7.2 and several JavaScript libraries for UI and media handling. It relies on Cloudflare for DNS but lacks a valid SSL certificate, resulting in no HTTPS support and poor security posture. Performance is slow with a large page size and many resources. SEO and accessibility are basic but functional. From a security perspective, the site has SPF and DMARC configured for email security but lacks critical HTTPS implementation, security headers, and DNSSEC. No incident response or vulnerability disclosure policies are found. Cookie consent is implemented, but GDPR compliance is uncertain. The overall security score is low, exposing the site and users to risks. Strategically, the site should prioritize obtaining a valid SSL certificate and enabling HTTPS, improve security headers and DNS configurations, and publish clear security and privacy policies. Enhancing technical modernization and performance will also improve user trust and engagement.

S

Sebrae

sebrae.com.br

0

Sebrae is a prominent Brazilian government-supported organization dedicated to fostering entrepreneurship and supporting micro and small businesses across Brazil. The website serves as a comprehensive portal offering free online courses, consulting services, digital tools, and extensive educational content tailored to entrepreneurs, individual microentrepreneurs (MEI), students, educators, and public agents. Sebrae holds a leading market position as a trusted non-profit entity with a large operational scale and a strong digital presence. Technically, the site is hosted on Google Cloud infrastructure, employs modern web technologies including Apache, Keycloak for authentication, and OneTrust for cookie consent, and integrates accessibility tools such as VLibras. The website demonstrates excellent design, mobile optimization, and SEO practices, ensuring a high-quality user experience.

O

Obispa Metalúrgica Ltda

obispadesign.com.br

0

Obispa Metalúrgica Ltda is a Brazilian manufacturing company specializing in the design and production of metal accessories with a focus on beauty, sophistication, and quality. With over 35 years of experience, the company offers multiple product collections and targets customers seeking high-quality metal accessory products. The website reflects a medium-sized enterprise with consistent branding and a good level of content quality. Technically, the site uses modern JavaScript libraries and frameworks such as jQuery, Slick Carousel, FancyApps UI, and Livewire, hosted on Locaweb infrastructure. However, the website suffers from a lack of a valid SSL certificate and modern security configurations, which impacts its security posture negatively. The presence of Google Analytics and Tag Manager indicates moderate user tracking and marketing efforts. Overall, the company maintains a moderate trust level with clear contact information and privacy policies but requires significant improvements in security and compliance.

C

Cinex

cinex.com.br

0

Cinex is a Brazilian manufacturing company with Italian roots specializing in innovative glass and aluminum products for architectural and furniture applications. The company has a strong market presence with over two decades of experience, offering a diverse product portfolio including doors, frames, coatings, and partitions. Their business model focuses on combining technology, design, and sustainability to serve architects, designers, engineers, and end consumers. Technically, the website infrastructure leverages common web technologies such as jQuery, Glider.js, and Typekit fonts, hosted behind Cloudflare DNS services. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of modern TLS protocols, which exposes users to significant risks. The company has implemented SPF and DMARC DNS records, indicating some email security awareness. Overall, the digital maturity is moderate with room for improvement in performance, security, and privacy compliance.

S

Sayerlack

sayerlack.com.br

0

Sayerlack is a leading Brazilian multinational specializing in the manufacturing and distribution of wood paints, varnishes, and stains, serving Latin America and over 90 countries globally. The company targets professionals such as architects, decorators, interior designers, carpenters, painters, and hobbyists, offering tailored solutions and extensive product lines. Their digital presence includes multilingual support, educational content, and interactive tools like digital color charts. Technically, the website employs modern front-end technologies including jQuery, Slick Carousel, FontAwesome, and Tailwind CSS, hosted on Microsoft Online infrastructure. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of modern TLS protocols, which undermines user trust and data protection. From a security perspective, while basic email protection via SPF is configured and CSRF tokens are implemented in forms, the lack of HTTPS, HSTS, DMARC, and other security headers exposes the site to potential risks. Privacy and cookie policies are present with a consent mechanism, but GDPR compliance is not fully addressed. No explicit security or incident response policies are found. Overall, Sayerlack's website reflects a mature business with strong market positioning but requires urgent security enhancements to protect user data and maintain trust. Strategic improvements in SSL deployment, security headers, and compliance frameworks are recommended to align with best practices and regulatory requirements.

B

Banrisul - Banco do Estado do Rio Grande do Sul, S.A.

banrisul.com.br

0

Banrisul is a large, state-owned multiple bank operating primarily in the southern region of Brazil, specifically Rio Grande do Sul. It offers a range of banking and financial services including commercial banking, development banking, leasing, real estate credit, financing, and investment. The website serves as a portal for internet banking and related services, targeting residents and businesses in its regional market. The business model focuses on public banking services with a regional market position. Technically, the website infrastructure appears outdated, using framesets and lacking modern web technologies or CMS indicators. Performance is moderate but mobile optimization and accessibility are poor. The absence of modern security protocols and an invalid SSL certificate indicate significant technical debt and security risks. No advanced frameworks or analytics tools are detected, and SEO is basic. From a security perspective, the site lacks a valid SSL certificate and does not support any TLS protocols, exposing users to potential risks. There are no HTTP security headers, no privacy or cookie policies, and no visible incident response or vulnerability disclosure mechanisms. This reflects a low security maturity level and potential compliance gaps with data protection regulations. Overall, the website requires urgent improvements in security posture, modernization of technical infrastructure, and implementation of privacy and compliance policies to enhance trust and protect users. Strategic investments in security and digital modernization are recommended to align with industry standards and regulatory requirements.

S

Sindmóveis Bento Gonçalves

sindmoveis.com.br

0

Sindmóveis Bento Gonçalves is a well-established industry union representing the furniture manufacturing sector in Bento Gonçalves, Brazil, since 1977. The organization plays a pivotal role in fostering development within the local and national furniture industry by providing a range of services including labor area support, digital certification, training, sector data, international committees, projects, and trade fairs. Their market position is significant within the manufacturing sector, supported by partnerships with key industry players and active engagement in events and communications. The website reflects a medium-sized entity with consistent branding and good content quality aimed at industry stakeholders and associated members. Technically, the website is built on WordPress with a custom theme and employs various modern web technologies such as lazy loading, Google Analytics, Google Tag Manager, Facebook Pixel, and reCAPTCHA for security. Hosting is provided by KingHost, and the site uses a valid SSL certificate, although some SSL metadata appears unusual. Performance is currently slow due to large page size and load times, but mobile optimization and SEO are handled well. Security practices include spam protection and SPF records for email, but lack advanced HTTP security headers and DNSSEC. From a security perspective, the site demonstrates basic to moderate maturity with valid SSL, anti-spam measures, and GDPR cookie consent mechanisms. However, it lacks explicit privacy and terms of service pages, security policies, incident response contacts, and vulnerability disclosure information. There is room for improvement in security headers, HSTS enforcement, and DNS security. Overall, the site is trustworthy and professional but would benefit from enhanced security and compliance documentation. Strategically, Sindmóveis should focus on improving website performance, implementing comprehensive security headers, publishing clear privacy and terms policies, and enhancing incident response readiness to strengthen trust and compliance with evolving data protection regulations.

J

JTL-Software GmbH

jtl-url.de

0

JTL-Software GmbH is a leading German provider of ERP and e-commerce software solutions tailored for online retailers. With a strong market presence in the DACH region and over 50,000 customers, JTL offers a comprehensive ecosystem including ERP systems, online shop platforms, warehouse management, marketplace integration, and middleware solutions. Their product suite supports B2C, B2B, and D2C business models, emphasizing flexibility and scalability. Technically, the website is built on WordPress with modern frameworks like Bootstrap and integrates advanced analytics and marketing tools such as Google Tag Manager, Matomo, and Microsoft Clarity. Security-wise, the site employs strong TLS protocols and valid certificates but lacks DNSSEC, HSTS, and CAA records, which are recommended for enhanced security. The company demonstrates strong compliance with GDPR through detailed privacy and cookie policies and uses a robust consent management system. Overall, JTL maintains a high level of professionalism, trustworthiness, and digital maturity, positioning itself as a reliable partner in the e-commerce software market.

J

Just a moment...

webmatch.com

0

The website webmatch.com currently serves a Cloudflare anti-bot challenge page with no visible business content or metadata. There is no evidence of privacy, cookie, or terms of service policies, nor any contact information or social media presence. The DNS configuration is strict with SPF and DMARC rejecting unauthorized emails, but lacks DNSSEC and CAA records. The SSL/TLS configuration is critically deficient with no valid certificate and no modern TLS protocols enabled, exposing the site to potential security risks. Security headers are well implemented, but the lack of HTTPS undermines overall security posture. The site shows no analytics or advertising technologies, and performance metrics indicate no actual content delivery. Overall, the site appears to be either under maintenance, misconfigured, or intentionally restricted by Cloudflare protections, resulting in a poor user experience and low trustworthiness.

R

Reply

vanillareply.com

0

Vanilla Reply, a part of the Reply group, specializes in tailored e-commerce, CMS, and PIM solutions primarily serving the German market. The company leverages strong partnerships with leading technology providers such as Shopware, Sylius, Akeneo, Storyblok, and TYPO3 to deliver integrated and agile digital experiences. Their business model focuses on consulting, custom software development, and cloud-based operations, positioning them as a trusted medium-sized player in the e-commerce sector. Technically, the website employs modern web technologies including Google Tag Manager, reCAPTCHA, OneTrust for cookie consent, and Google Maps API. The hosting is managed via register.it with a valid SSL certificate supporting TLS 1.3 and 1.2, and OCSP stapling enabled. However, performance is somewhat slow with a page load time of over 8 seconds, indicating potential optimization opportunities. The site is well-optimized for mobile and accessibility, with good SEO practices. From a security perspective, the site demonstrates good practices such as strong TLS protocols and no known SSL vulnerabilities. However, it lacks DNSSEC, CAA records, and DMARC, which are recommended for enhanced DNS and email security. The cookie consent mechanism is robust and GDPR compliant, but no explicit security policy or incident response information is publicly available. Overall, Vanilla Reply presents a professional and trustworthy digital presence with strong business and technical foundations. Strategic improvements in DNS security, email authentication, and performance optimization would further enhance their security posture and user experience.

8

Shopware Agentur 8mylez - Echte Experten aus Deutschland

8mylez.com

0

Security assessment completed with an overall score of 50/100 (unknown risk). 7 high-priority issues should be addressed promptly. Total of 26 security findings identified across all modules.

A

Afternic (GoDaddy Operating Company, LLC)

zenkod.com

0

The website zenkod.com is a domain sales landing page operated under the Afternic marketplace, a GoDaddy branded platform. It offers domain purchase services including price inquiries and buy now options, targeting individuals and businesses seeking premium domain names. The platform leverages modern web technologies such as React and Next.js, hosted on AWS infrastructure, with basic performance and accessibility optimizations. Security posture is weak due to lack of valid SSL certificates and missing security headers, although form protection via Google reCAPTCHA is implemented. The site integrates with trusted partners like Afternic and GoDaddy for domain transactions and payment processing. Overall, the site serves as a professional domain sales interface but requires significant security improvements to enhance trust and compliance.

N

Nagios | Open Source Monitoring and Network Management

nagios.org

0

Security assessment completed with an overall score of 50/100 (unknown risk). 9 high-priority issues should be addressed promptly. Total of 30 security findings identified across all modules.

B

banibis GmbH

banibis.com

0

banibis GmbH is a small Austrian technology company specializing in modular ERP software solutions tailored for small and medium-sized enterprises, particularly in the trade and service sectors. Their cloud-based ERP system offers comprehensive features including CRM, project management, purchasing and sales, and accounting, with a strong emphasis on customization and customer-centric support. The company maintains a professional online presence with clear contact information, social media integration, and compliance with GDPR and cookie consent regulations. Technically, the website is built on WordPress using the Divi theme, enhanced with various plugins for performance optimization, analytics, and user interaction. The infrastructure is hosted via domaintechnik.at, with a moderate performance profile and good mobile optimization. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant security shortcomings that could impact user trust and data protection. From a security perspective, while the site implements SPF records and avoids common vulnerabilities like Heartbleed and POODLE, the lack of HTTPS and missing DMARC records are critical gaps. No explicit security or incident response policies are publicly available, which may affect the company's security posture and compliance readiness. Overall, banibis GmbH demonstrates a solid business and technical foundation with room for improvement in security practices. Addressing these vulnerabilities will enhance trust, compliance, and user confidence in their digital offerings.

I

interneX GmbH

internex.de

0

interneX GmbH is a small German company with a basic online presence primarily providing legal and contact information on its website. The company’s market position and detailed business services are not explicitly described, indicating a limited digital footprint. The website is minimalistic, with no advanced content or interactive features, targeting a general audience likely within Germany. Technically, the site is hosted on kasserver.com using Apache with HTTP/2 support and basic CSS styling. Performance is fast, but mobile optimization and accessibility are basic. Security posture shows support for modern TLS protocols without known vulnerabilities, but lacks advanced security headers such as HSTS and OCSP stapling. DNSSEC and DMARC are not implemented, which could expose the domain to DNS and email spoofing risks. Overall, the security score is moderate with room for improvement in compliance and best practices. The website does not include privacy or cookie consent mechanisms, which may impact GDPR compliance. Contact information is clearly provided, but no email addresses or social media links are present. Strategic recommendations include enhancing HTTPS security, implementing DNS and email protections, publishing a vulnerability disclosure policy, and improving privacy compliance to build trust and reduce risk.

P

profihost

profihost.de

0

Profihost is a well-established German managed hosting provider specializing in e-commerce hosting solutions tailored for online shops of various sizes. With 25 years of experience and strategic partnerships with platforms like Shopware, OXID, and Pimcore, they offer a comprehensive portfolio including managed servers, clusters, security services, and performance optimization. Their market position is strong within the German e-commerce hosting niche, supported by verified customer testimonials and a partner program. Technically, the website employs modern TLS protocols (TLS 1.3 and 1.2) and uses Google Tag Manager and Consent Manager for analytics and privacy compliance. However, performance is somewhat slow with a load time over 8 seconds. Security posture is basic with no HSTS, OCSP stapling, DNSSEC, or DMARC records, though no critical vulnerabilities were detected. Overall, the company demonstrates a professional and trustworthy online presence with room for security enhancements.

A

Australian Mortgage Awards | Key Media

australianmortgageawards.com.au

0

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 28 security findings identified across all modules.

P

PwC-Stiftung

pwc-stiftung.de

0

PwC-Stiftung is a German non-profit foundation focused on promoting economic ethics and cultural education through project funding and its own educational programs. The foundation operates several participatory programs such as Wirtschafts.Forscher!, Hör.Forscher!, and Kultur.Forscher!, targeting schools and students, especially addressing pandemic-related educational gaps and refugee integration. The website is built on WordPress with a moderate technical infrastructure including common plugins for SEO, sliders, and cookie management. Hosting is provided by IONOS, and the site includes structured data for SEO and social media optimization. However, the security posture is weak due to an invalid SSL certificate, lack of modern TLS protocols, and missing security headers and DNS security features. Cookie consent is implemented in compliance with GDPR, enhancing privacy protections. Overall, the site presents a professional and trustworthy image but requires urgent improvements in SSL and security configurations to protect users and data.

P

PricewaterhouseCoopers

pwcplus.de

0

PwC Plus is a specialized knowledge and research platform operated by PricewaterhouseCoopers, targeting primarily financial services professionals with additional focus on healthcare and public services sectors. The platform offers subscription-based access to quality-assured, daily updated content including legal norms monitoring, regulatory insights, and sector-specific modules. The website demonstrates a mature digital presence with multilingual support, user account management, and integration of professional content from trusted partners such as the IFRS Foundation. Technically, the site is hosted on Colt's infrastructure, uses modern TLS protocols, and employs Piwik PRO for analytics with a compliant cookie consent mechanism. Security posture is solid with DMARC enforcement and no critical SSL vulnerabilities, though improvements like enabling HSTS, DNSSEC, and CAA records could enhance security further. No explicit security or incident response policies are published, indicating an area for maturity growth. Overall, PwC Plus presents a professional, trustworthy, and content-rich platform aligned with PwC's global brand standards.

U

United Internet Media

united-internet-media.de

0

United Internet Media is a large, Germany-based exclusive media marketer for United Internet AG brands, offering a wide range of digital advertising and dialog marketing services including programmatic, native, display, video, and email marketing. The website is built on TYPO3 CMS and integrates advanced consent management tools such as PermissionClient and OneTrust, reflecting a mature approach to privacy compliance. Security measures include valid SSL with strong cipher suites, SPF and DMARC records with quarantine policies, though improvements like DNSSEC and HSTS are recommended. The site demonstrates good content quality, navigation, and user experience, targeting advertisers and marketers seeking comprehensive media solutions. Overall, the company maintains a high trustworthiness level with a solid digital presence.

S

Seven.One Entertainment Group GmbH

seven.one

0

Seven.One Entertainment Group GmbH is a leading German media and entertainment company specializing in TV broadcasting, streaming, advertising products, content production, and event and artist management. It operates multiple well-known TV and digital brands and is a subsidiary of ProSiebenSat.1 Media SE. The website demonstrates a mature digital presence with modern technologies such as Liferay CMS, React, and integrated marketing and consent management tools. However, a critical security weakness is the absence of a valid SSL certificate, exposing users to potential risks. The company maintains comprehensive privacy and cookie policies with GDPR compliance and uses consent-based tracking. Overall, the business is positioned strongly in the German media market with a broad portfolio and professional digital infrastructure but needs urgent improvements in security configuration.

S

Score Media Group

score-media.de

0

Score Media Group operates as a national marketing platform for regional media brands in Germany, focusing on regional daily newspapers, their digital and print editions, and associated advertising services. The company holds a strong market position with a portfolio of over 420 regional newspaper titles reaching 62 million readers monthly. Their business model centers on cross-media advertising solutions, combining print, online, and e-paper channels to deliver targeted campaigns for advertisers and agencies. Technically, the website is built on WordPress with modern frameworks like React and uses various plugins and tools such as WPBakery, Slider Revolution, and Google Analytics, indicating a mature digital infrastructure but with room for performance optimization due to high page size and load times. Security-wise, the site supports modern TLS protocols and has valid SPF records but lacks advanced security headers like HSTS and OCSP stapling, and the DMARC policy is set to none, which could expose email spoofing risks. Overall, the site demonstrates good SEO, branding consistency, and user experience but would benefit from enhanced security configurations and clearer contact information.

Q

QUARTER MEDIA – Vermarkter von digitalen Werbeflächen

quartermedia.de

0

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 28 security findings identified across all modules.

I

iq digital media marketing gmbh

iqdigital.de

0

iq digital media marketing gmbh is a leading marketing company specializing in advertising for premium German media brands including FAZ Verlag, Handelsblatt Media Group, Süddeutsche Zeitung Verlag, and ZEIT Verlag. The company offers a comprehensive portfolio of digital advertising, programmatic advertising, audio/podcast advertising, newsletter marketing, content marketing, and data targeting services. Their market position is strong, leveraging high-reach, quality media brands to target decision makers and specialized audiences. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, hosted likely on Microsoft Azure, and employs GDPR-compliant consent management and analytics tools. Security posture is good with TLS 1.3 support and valid SPF records, but improvements are recommended in HSTS, DMARC, DNSSEC, and OCSP stapling. Overall, the company demonstrates a mature digital presence with strong privacy and compliance practices.

B

BCN Brand Community Network GmbH

brand-community-network.de

0

BCN Brand Community Network GmbH operates a comprehensive crossmedia marketing network focused on providing advertising solutions across print, digital, and event channels. The company holds a strong market position in Germany with over 300 media brands and 500+ advertising solutions, targeting advertisers and media planners seeking quality reach and brand engagement. The website is built on TYPO3 CMS and integrates modern marketing technologies including Google Tag Manager and a proprietary Smart Stack technology for optimized campaign performance. Security posture is adequate with TLS 1.2 and strong cipher suites but lacks advanced features like HSTS and OCSP stapling. GDPR compliance is well addressed with a dedicated consent management platform. Overall, the digital infrastructure supports a professional and trustworthy user experience, though some security enhancements are recommended.

A

Ad Alliance

ad-alliance.de

0

Ad Alliance is a prominent German media company specializing in advertising solutions across multiple channels including TV, video, print, audio, and digital. It holds a strong market position with key brands and targets decision-maker audiences. The website infrastructure uses a custom CMS hosted on managed IP servers, with moderate performance and good mobile optimization. The security posture is basic with TLS 1.2 enabled and strong cipher suites, but lacks modern features like TLS 1.3, HSTS, and OCSP stapling. Privacy and cookie policies are present and GDPR compliant, supported by a consent management platform. The site integrates Google Analytics and Tag Manager for tracking, with moderate user tracking levels. Contact information and social media presence are comprehensive, enhancing trust and transparency.

D

D4Sign

d4sign.com.br

0

D4Sign is Brazil's leading electronic and digital signature platform, offering a comprehensive SaaS solution that integrates advanced AI capabilities to streamline document signing and contract management. The company serves a broad audience including businesses and individuals, providing secure authentication methods linked to government data for enhanced trust and legal compliance. Technically, the website is built on WordPress with multiple modern plugins and integrates various marketing and analytics tools, hosted on AWS. However, the current SSL/TLS configuration is invalid, posing a significant security risk. The company demonstrates strong market presence with over 500,000 companies trusting its services and certifications such as Great Place To Work and sustainability seals. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms.

P

Prima Estúdio Produções

primaestudio.com.br

0

Prima Estúdio Produções is a Brazilian digital communication company specializing in multimedia production, streaming, web development, and IT services. Established since 2016, it serves a medium-sized client base including notable companies, positioning itself as a reputable service provider in the technology sector. The website reflects a professional digital presence with good SEO and client trust indicators but lacks visible privacy and terms of service policies. Technically, the site is built on WordPress with Themify Ultra theme and uses several plugins including Sendinblue for marketing automation and Google Tag Manager for analytics. However, the site suffers from a lack of valid SSL/TLS configuration, resulting in insecure HTTP delivery and exposing visitors to potential risks. Security posture is weak with missing modern security headers and DNS security features. Cookie consent mechanisms are implemented, indicating some compliance with privacy regulations. Overall, the site demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

D

dimension2 economics & philosophy GmbH

dimension2.consulting

0

dimension2 economics & philosophy GmbH is a small German consulting firm specializing in Corporate Digital Responsibility (CDR) and ethical data usage to help businesses gain competitive advantages. Their website presents a professional and well-structured digital presence built on WordPress with modern design elements and SEO optimizations. However, the technical infrastructure shows significant security weaknesses, including the absence of a valid SSL certificate and lack of modern TLS protocols, which exposes the site to risks and undermines user trust. The company provides contact primarily through a contact form, with no direct email or phone contacts publicly listed. Privacy policy is present and GDPR compliant, but cookie consent mechanisms and terms of service are missing. Overall, the business is positioned as a niche consulting provider with a focus on trustworthy data practices, but the website's security posture requires urgent improvements to align with best practices and enhance client confidence.

T

TI Inside

esgforum.com.br

0

ESG Forum is a small Brazilian event organizer focused on promoting sustainability and ESG principles through online events. The website serves as a platform to inform and register participants for the ESG Forum 2025 event, targeting corporate professionals and companies interested in environmental, social, and governance topics. The business is positioned as a niche event provider with institutional partners and sponsors, leveraging digital channels for outreach and engagement. Technically, the site is built on WordPress with the Divi theme and uses common plugins for forms, cookie consent, and accessibility. However, the lack of a valid SSL certificate and modern TLS protocols represents a significant security weakness. The site implements basic security measures like SPF and DMARC but lacks advanced protections such as HSTS and OCSP stapling. Analytics and tracking are moderately used via Google Analytics and LinkedIn Insight Tag, with a cookie consent mechanism in place. Overall, the site is functional and professional but requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

C

Capgo, Inc.

capgo.app

0

Capgo, Inc. is a technology company specializing in providing live Over-the-Air (OTA) update solutions for Capacitor-based mobile applications. Their platform enables developers to push instant updates, fixes, and new features directly to users without the delays associated with app store approvals. Positioned as an innovative and secure solution, Capgo offers both cloud-hosted and self-hosted options, with a strong emphasis on end-to-end encryption and real-time analytics. The company targets development teams seeking efficient app update workflows and enhanced user experience. Their business model includes SaaS offerings, consulting services, and CI/CD pipeline integrations, supported by a transparent trust center and open source code availability.

K

KM Business Information Canada Ltd.

lexpert.ca

0

Lexpert.ca is a leading Canadian legal directory and media platform operated by KM Business Information Canada Ltd. It specializes in providing comprehensive rankings, directories, and news related to lawyers and law firms across various business law sectors including energy, finance, technology, mining, infrastructure, litigation, insolvency, and mergers and acquisitions. The platform targets Canadian businesses seeking qualified legal professionals and offers digital editions, newsletters, and event coverage to support its audience. Technically, the website leverages a modern tech stack including Bootstrap, jQuery, Algolia search, and HubSpot integrations, hosted behind Cloudflare for performance and security. Despite a slow page load time, the site is mobile-optimized and SEO-friendly with consistent branding and good content quality. Security-wise, the site employs a valid SSL certificate, strict DMARC policy, and SPF records, but lacks DNSSEC and HSTS enforcement. The presence of multiple third-party marketing and analytics scripts indicates extensive user tracking, balanced by a robust cookie consent mechanism. Overall, Lexpert.ca demonstrates a mature digital presence with room for security enhancements and performance optimization.

P

pressi.com.br

pressi.com.br

0

The website pressi.com.br currently presents an empty HTML page with no visible content, metadata, or business information. The domain is registered and DNS records are configured with valid A, MX, and NS records, but lacks DNSSEC and CAA security enhancements. The SSL certificate is invalid or missing, resulting in no HTTPS support and exposing the site to potential interception risks. No privacy, cookie, or security policies are published, and no contact or business details are available on the site. The technical infrastructure appears minimal and outdated, with no modern web technologies or analytics detected. Overall, the site exhibits a very low digital maturity and security posture, with significant gaps in compliance and user trust factors.

M

Medienfachverlag Johann Oberauer GmbH

oberauer.com

0

Medienfachverlag Johann Oberauer GmbH is a leading media publishing company in the DACH region specializing in journalism, PR, communication, and printing industry publications and events. The company operates multiple industry magazines, organizes prestigious events and awards, and manages digital portals and job platforms targeting media professionals. Technically, the website is built on WordPress with a modern tech stack including jQuery, WP Rocket, and Google Tag Manager, optimized for performance and SEO but currently lacks a valid SSL certificate, which is a critical security gap. The security posture shows good email authentication practices with SPF and DMARC but misses HTTPS enforcement and advanced DNS security features. Overall, the company demonstrates strong market positioning and digital maturity but should urgently address SSL/TLS issues to protect user data and enhance trust.

J

JET e-Business

jetecommerce.com.br

0

JET e-Business is a Brazilian e-commerce platform provider specializing in high-performance omnichannel solutions for B2C, B2B, D2C, and B2B2C markets. The company offers a comprehensive suite of services including marketplace integrations, storefront customization, search optimization, shipping facilitation, and analytics. Positioned as a strategic partner for e-commerce businesses, JET emphasizes technology, professional support, and customer experience to help clients scale their online operations. The website reflects a medium-sized enterprise with a strong digital presence and a focus on the Brazilian market. Technically, the website is built on WordPress with WPBakery Page Builder and integrates multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, Hotjar, and LinkedIn Insight Tag. Hosting and DNS services are provided by Hostinger and Cloudflare respectively. While the site has a valid SSL certificate and implements SPF and DMARC for email security, it lacks advanced DNS security features like DNSSEC and HSTS, and does not have a published security policy or vulnerability disclosure page. From a security perspective, the site demonstrates good baseline practices with valid SSL and email authentication records, but could improve by enabling HSTS, DNSSEC, and publishing explicit security and incident response policies. The presence of multiple tracking scripts indicates extensive user data collection, balanced by a cookie consent mechanism and a comprehensive privacy policy compliant with GDPR. Performance is a concern due to high page load times and large page size, which may impact user experience. Overall, JET e-Business presents a professional and trustworthy e-commerce platform with solid business and technical foundations. Strategic improvements in security hardening and performance optimization are recommended to enhance resilience and user satisfaction.

T

TÜH Staatliche Technische Überwachung Hessen

tueh.de

0

TÜH Staatliche Technische Überwachung Hessen operates as a regional governmental authority providing digital tachograph cards and related services to individuals and businesses in Hessen, Germany. The website serves as an informational and transactional portal offering application forms and guidance for driver cards, company cards, and workshop cards. The organization positions itself as a trusted public service entity within the transportation sector, focusing on compliance and regulatory oversight. Technically, the website is built on TYPO3 CMS, hosted behind Cloudflare DNS and CDN services, and employs standard web technologies including Bootstrap and FontAwesome. Performance is moderate with good mobile optimization and basic accessibility. Security posture is adequate with a valid SSL certificate and cookie consent mechanisms; however, improvements are recommended such as enabling HSTS, DNSSEC, and security headers. No explicit terms of service or vulnerability disclosure policies are present, and contact information is limited to a contact form without direct emails or phone numbers. Analytics usage includes etracker and Google marketing cookies with user consent. Overall, the website demonstrates a professional and trustworthy presence aligned with its public service mission.

S

Sebastian Gepperth

rash.codes

0

The website rash.codes represents a personal brand and portfolio of Sebastian Gepperth, a software developer and designer specializing in open source projects and freelance coding services. The site targets developers and potential clients interested in modern web technologies and open source contributions. The business model revolves around personal branding and showcasing expertise to attract freelance opportunities. Technically, the site uses a modern frontend stack including Vue.js and Vitepress, hosted on a Hetzner server. However, the site lacks a valid SSL certificate and does not implement HTTPS, which is a significant security concern. DNS records show partial email security with SPF and DMARC configured, including an abuse contact email for incident reporting. Overall, the security posture is weak due to missing TLS, HSTS, and DNSSEC, exposing the site to potential interception and spoofing risks. Strategic improvements in SSL deployment and security policies are recommended to enhance trust and compliance.

C

CloserStill Media

dmexcoasia.com

0

The website dmexcoasia.com represents a major upcoming event, eCommerce Expo | DMEXCO Asia, scheduled for October 8-9, 2025 in Singapore. It is organized by CloserStill Media in partnership with Koelnmesse and BVDW, targeting eCommerce and digital marketing professionals in Southeast Asia. The event aims to provide a platform for exhibitors and attendees to connect, generate leads, and share industry insights. Technically, the site uses a variety of modern JavaScript libraries and frameworks including jQuery, Alpine.js, GSAP, and Swiper, hosted on ns-serve.net infrastructure. However, the website suffers from critical security issues including an invalid SSL certificate and lack of TLS protocol support, which significantly undermines its security posture. While HSTS is enabled, other security best practices are missing. The site employs extensive tracking and marketing tools such as Google Analytics, Facebook Pixel, and Microsoft Clarity, indicating a high level of user tracking. Overall, the website is professionally designed with good content relevance and navigation clarity but requires urgent security improvements to protect user data and enhance trust.

D

DATEV eG

datev.com

0

DATEV eG is a leading European software and consulting company specializing in professional support for tax consultancy, auditing, companies, legal advice, and the public sector. The company holds a strong market position as one of Europe's largest software houses, offering over 200 software products and services, including payroll processing for about 14 million payrolls monthly. The website reflects a mature digital presence with excellent content quality, clear navigation, and strong branding consistency targeting tax professionals and related sectors primarily in Germany. Technically, the site leverages Adobe Experience Manager as its CMS, integrates Adobe Helix RUM for analytics, and uses OneTrust for GDPR-compliant cookie consent management. The hosting infrastructure appears self-managed with dedicated DNS and mail servers, and the site supports modern TLS protocols ensuring secure communications. Security posture is good with strict SPF and DMARC policies, absence of known SSL vulnerabilities, but could be improved by enabling HSTS and OCSP stapling. Overall, the website demonstrates a professional and trustworthy digital footprint aligned with enterprise standards.

K

Koelnmesse GmbH

koelnmesse.com

0

Koelnmesse GmbH is a leading trade fair and event organizer based in Cologne, Germany, with a century-long history since its founding in 1924. The company operates over 80 trade fairs and exhibitions both locally and in key global markets, serving a diverse audience including exhibitors, visitors, and trade fair organizers. Koelnmesse has a strong market position, recognized for its sustainability efforts and industry leadership, including recent awards such as 'Company of the Year' 2025 and 'Pioneer in Sustainability 2024'. Technically, the website employs a modern tech stack including jQuery, OneTrust for privacy management, Google Tag Manager, and various third-party integrations for social media and advertising. Hosting is provided via Amazon AWS infrastructure. Performance is moderate with good mobile optimization and basic accessibility features. SEO practices are good, supporting the company's digital presence. From a security perspective, while email security is well managed with valid SPF and DMARC records, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant vulnerabilities. The site lacks HSTS, OCSP stapling, and other advanced security headers, lowering its overall security posture. No vulnerability disclosure or security.txt files were found, indicating limited transparency in security incident handling. Overall, Koelnmesse presents a professional and trustworthy online presence with strong business credentials but requires urgent improvements in its SSL/TLS configuration and security best practices to protect user data and maintain compliance with modern security standards.

R

Resonanz Digital

resonanz-marketing.com

0

Resonanz Digital is a well-established digital agency based in Austria, specializing in WordPress websites, online shops, eCommerce solutions, SEO, and Google Ads optimization. With over 20 years of experience and a Google Partner certification, the company targets small and medium-sized enterprises, founders, and individual entrepreneurs primarily in the German-speaking market. Their service portfolio includes web design, development, online marketing, and ongoing maintenance, positioning them as a trusted partner for digital presence creation. Technically, the website is built on WordPress using the Avia Framework and integrates various modern web technologies including jQuery and WP Rocket for performance optimization. The hosting infrastructure appears to be on Google Cloud, providing a reliable platform. The site supports multilingual content via WPML and employs structured data for SEO enhancement. Performance is moderate with room for improvement in load times. From a security perspective, the site has correctly configured SPF and DMARC DNS records, indicating good email authentication practices. However, the lack of a valid SSL certificate and absence of TLS protocols represent significant security weaknesses, exposing users to potential data interception risks. The cookie consent mechanism is implemented, supporting GDPR compliance, but the DMARC policy is set to 'none', which could be strengthened. Overall, Resonanz Digital demonstrates a mature digital presence with strong business credibility and customer trust signals. The main risk lies in the missing HTTPS security layer, which should be addressed promptly to protect user data and enhance trust. Strategic improvements in security posture and performance optimization will further solidify their market position.

R

respACT

respact.at

0

respACT is Austria's leading corporate platform for Corporate Social Responsibility (CSR), providing a comprehensive network and resources for businesses committed to sustainable development. The platform offers events, training, publications, and member services targeting companies and organizations interested in CSR and sustainability. Technically, the website is built on the siteswift CMS framework, leveraging modern JavaScript libraries such as jQuery, Swiper.js, and Macy.js, with analytics powered by Matomo and Brevo. The site implements GDPR-compliant cookie consent via Klaro and maintains a valid SSL certificate with strong TLS configurations. Security posture is generally good, with SPF and DMARC records configured, but improvements such as enabling HSTS, OCSP stapling, and DNSSEC are recommended. Overall, respACT demonstrates a mature digital presence with good content quality and user experience, positioning it as a trusted resource in the Austrian CSR ecosystem.

O

OBJENTIS Software Integration GmbH

objentis.com

0

OBJENTIS Software Integration GmbH is an established Austrian IT service provider specializing in software testing consulting, automation, and training. With over 26 years of experience and a portfolio of notable clients including major banks and insurance companies, OBJENTIS positions itself as a trusted partner in the software lifecycle. Their offerings include consulting solutions, innovative driverless test automation products, and tailored training workshops. Technically, the website is built on WordPress using the Astra theme and Elementor page builder, supported by modern web technologies and plugins for search and cookie management. Security-wise, the domain employs valid SPF and DMARC records with strict policies, supports TLS 1.2 and 1.3, and avoids known SSL vulnerabilities. However, improvements are needed in SSL configuration such as enabling HSTS and OCSP stapling, and publishing a security.txt file. Overall, the site demonstrates good digital maturity and professionalism, with moderate performance and good mobile optimization. The presence of client testimonials, certifications, and social media links enhance trust. Strategic recommendations include enhancing HTTPS security headers, formalizing security policies, and improving transparency around incident response.

R

RDV - Ihr Wissensportal für Datenschutz und Digitalisierung

rdv-online.com

0

Security assessment completed with an overall score of 50/100 (unknown risk). 8 high-priority issues should be addressed promptly. Total of 25 security findings identified across all modules.

C

CEDPO - Confederation of European Data Protection Organisations

cedpo.eu

0

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 30 security findings identified across all modules.

M

MP Agregador, S. de R.L. de C.V.

mercadopago.com.mx

0

Mercado Pago México operates as a leading digital financial services platform under the Mercado Libre group, offering a comprehensive suite of services including digital accounts, credit cards, personal loans, and payment processing solutions tailored for individuals and businesses in Mexico. The platform integrates with Mercado Libre's e-commerce ecosystem, positioning itself as a key player in Latin America's fintech landscape. Technically, the website employs modern web technologies such as React-based frameworks, New Relic monitoring, and various analytics and marketing tools, hosted on Amazon AWS infrastructure with Cloudfront CDN. Security measures include valid SPF and DMARC records, TLS 1.2 and 1.3 support, and absence of major SSL vulnerabilities, although improvements are recommended in HSTS enforcement and OCSP stapling. A subdomain takeover vulnerability was detected on the blog subdomain, representing a potential risk. Overall, the site demonstrates good digital maturity, strong branding, and extensive user tracking for analytics and marketing purposes.

M

MercadoPago S.A.

mercadopago.cl

0

MercadoPago S.A. is a leading digital payment platform in Chile, operating as part of the MercadoLibre ecosystem. The company offers a comprehensive suite of financial services including digital accounts, prepaid Mastercard cards, instant money transfers, and payment acceptance solutions for both individuals and businesses. Its market position is strong, serving a broad audience with a focus on seamless online payment processing and financial management. The website reflects a mature digital infrastructure with modern technologies such as React, New Relic for monitoring, and Google Tag Manager for marketing and analytics. Despite a generally strong security posture with strict DMARC and SPF policies and HSTS enabled, the site has an invalid SSL certificate and a subdomain takeover vulnerability on its blog subdomain, which are critical issues to address. Overall, the platform demonstrates high professionalism, excellent user experience, and good compliance with privacy and cookie policies, but should prioritize remediating its SSL and subdomain security gaps to maintain trust and security.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 8 security findings identified across all modules.