Security Directory

M

Mondoni Press

mondonipress.com.br

0

Mondoni Press is a Brazilian PR and communication agency specializing in press advisory, institutional communication, digital marketing, and content creation. The company positions itself as a trusted partner for businesses seeking to enhance their credibility, media presence, and visibility. It has received recognition such as the PR Agency of the Year award in South America (Prestige Awards 2023/24) and serves a diverse client base across various sectors. Technically, the website is built on WordPress with a range of popular plugins and marketing tools, including Google Analytics, Facebook Pixel, and Hotjar, indicating a mature digital marketing infrastructure. However, the website suffers from a critical security issue: the SSL certificate is invalid or missing, which undermines user trust and data security. The cookie consent mechanism is implemented, but no explicit privacy policy or terms of service pages were found, which may pose compliance risks. Overall, the company demonstrates good branding and content quality but should urgently address security and compliance gaps to maintain trust and regulatory adherence.

I

Início | Streaming Academy Abotts

streamingladies.com.br

0

The website streamingladies.com.br currently presents an HTTP 429 error indicating that it is not accessible due to too many requests or rate limiting. The site lacks any metadata, structured data, or business information, and does not provide contact details, privacy policies, or terms of service. Technically, the site uses JavaScript with the LitElement framework and includes a Chrome Dino game clone script, but the SSL certificate is invalid and no modern TLS protocols are enabled, resulting in a poor security posture. There are no security headers or DNS security configurations in place. Performance is slow and content is minimal, leading to a poor user experience and low trustworthiness. Overall, the site appears to be down or blocked, providing no meaningful business or user information.

R

Resonanz Digital

resonanz-digital.at

0

Resonanz Digital is a well-established digital agency based in Austria, specializing in WordPress websites, online shops, eCommerce solutions, online marketing, SEO, and Google Ads. With over 20 years of experience and a Google Partner certification, the company targets small and medium enterprises, founders, and individual entrepreneurs. Their service portfolio includes web design, WordPress development, maintenance, plugin development, and marketing services, positioning them as a trusted partner for digital presence creation. The website demonstrates a strong brand consistency and excellent content quality, supported by positive customer reviews from ProvenExpert. Technically, the site runs on WordPress with the Enfold theme and uses various performance and multilingual plugins. Hosting is provided via Google Cloud infrastructure. Security-wise, the site supports modern TLS protocols and has valid SPF and DMARC records but lacks advanced security features like HSTS, DNSSEC, and OCSP stapling, which could be improved. The cookie consent mechanism is implemented with opt-in for marketing and statistics cookies, reflecting good privacy compliance. Overall, the website is professional, trustworthy, and well-optimized for SEO and user experience, though performance could be enhanced.

G

Greyd GmbH

greyd.de

0

Greyd GmbH operates the Greyd.Suite, an all-in-one WordPress platform designed to help freelancers, agencies, and enterprises scale their WordPress businesses efficiently. The company positions itself as a comprehensive solution provider with a unique block-based builder, centralized content and design management, and advanced features such as headless CMS capabilities and dynamic content management. Their market position is strengthened by a consistent brand presence, extensive feature set, and a focus on performance and accessibility. Technically, the website is built on WordPress 6.8.1 with a rich tech stack including custom plugins, Borlabs Cookie for GDPR-compliant consent management, and Chargebee for subscription billing. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocols, which poses risks to user data confidentiality and trust. The site demonstrates good SEO and accessibility practices, with comprehensive legal and privacy documentation. Overall, Greyd GmbH shows strong digital maturity but should urgently address SSL and TLS issues to improve security and user trust.

S

SCHUFA

schufa.de

0

SCHUFA is a major German credit bureau specializing in credit scoring and risk assessment services for consumers and businesses. The website is currently protected by a FriendlyCaptcha challenge, indicating active bot mitigation measures. However, the site lacks visible privacy, cookie, or terms of service policies on the captcha landing page, and no direct contact information is provided. The DNS configuration shows strong email authentication with SPF and DMARC policies, but the SSL/TLS configuration is critically lacking, with no valid certificate or secure protocols enabled. This presents a significant security risk for users and the business. The technical infrastructure relies on external captcha services and is hosted via United Domains nameservers. Performance is moderate but user experience and content quality are poor due to the captcha gate and lack of accessible content.

S

Saulės spektras, UAB

auto.lt

0

Auto.lt is a Lithuanian online business directory specializing in automotive-related companies and services. It offers comprehensive search capabilities, user reviews, expert advice, job listings, and map-based navigation to serve both businesses and consumers in Lithuania's automotive sector. The platform is operated by Saulės spektras, UAB, positioning itself as a key local player with a consistent brand and good content quality. Technically, the website uses modern JavaScript libraries, Google Analytics, and a custom CMS hosted by Hostex. While the site supports TLS 1.2 with strong cipher suites and has valid SPF and DMARC records, it lacks DNSSEC, HSTS, and OCSP stapling, which are recommended for enhanced security. The cookie and privacy policies are comprehensive and GDPR compliant, with active consent mechanisms. Performance is moderate to slow due to large page size and resource count, but mobile optimization and SEO are well addressed. Overall, the site demonstrates a solid digital presence with room for security and performance improvements.

S

Saulės spektras, UAB

turizmas.lt

0

Turizmas.lt is a Lithuanian tourism portal operated by Saulės spektras, UAB, providing a comprehensive directory of travel-related services including accommodation, rural tourism, travel agencies, and leisure activities. The platform targets both local and international tourists seeking detailed information and booking options within Lithuania. The website demonstrates a solid market position as a national tourism information hub with a medium-sized business model based on listings and advertising revenue. Technically, the site uses a modern but somewhat traditional tech stack including Google Analytics, Bootstrap, and CKEditor, hosted by Hostex.lt. Performance is moderate with good mobile optimization and SEO practices. Security-wise, the site employs a valid SSL certificate with strong cipher suites but lacks advanced DNS security features such as DNSSEC and CAA records. Cookie and privacy policies are comprehensive and GDPR compliant, with a consent mechanism implemented. However, there is no visible terms of service or incident response policy. Overall, the site is professional, trustworthy, and well-branded, but could improve security posture and transparency in some areas.

S

Saulės spektras, UAB

medicina.lt

0

Medicina.lt is a Lithuanian healthcare information portal operated by Saulės spektras, UAB, providing a comprehensive directory of medical institutions, pharmacies, medical equipment suppliers, and expert advice. The site targets Lithuanian healthcare consumers seeking medical services, products, and professional guidance. It holds a strong market position as a trusted source for healthcare-related information with multilingual support and user engagement features such as reviews and Q&A with experts. Technically, the site uses a custom CMS with JavaScript libraries, Google Analytics, and Google Maps API, hosted by Hostex. Performance is moderate with good mobile optimization and SEO practices. However, the security posture is weak due to an invalid SSL certificate and lack of HTTPS, no DNSSEC, and missing security headers, which poses risks to user data confidentiality and trust. Privacy and cookie policies are comprehensive and GDPR compliant, with explicit consent mechanisms implemented. Overall, Medicina.lt is a well-established healthcare portal with room for critical security improvements to protect users and enhance trust.

S

Saulės spektras, UAB

statyba.lt

0

Statyba.lt is a comprehensive Lithuanian online business directory specializing in the construction sector, offering company listings, expert advice, job postings, and industry articles. Operated by Saulės spektras, UAB, it serves as a key platform for connecting construction-related businesses and consumers in Lithuania. The website demonstrates a solid market position with a broad range of services and active content updates. Technically, the site uses modern JavaScript frameworks, Google Analytics, and Google Fonts, hosted by Hostex, but suffers from slow load times due to large page size and resource count. Security-wise, it employs TLS 1.2 with strong cipher suites but lacks TLS 1.3, HSTS, OCSP stapling, and DNSSEC, which are recommended for enhanced security. Privacy and cookie policies are comprehensive and GDPR compliant, with clear user consent mechanisms. Overall, the site is professional, trustworthy, and well-optimized for SEO and mobile use, though performance improvements are advisable.

O

Orchestra Brasil

orchestrabrasil.com.br

0

Orchestra Brasil is a Brazilian project focused on promoting and supporting the internationalization of suppliers in the furniture manufacturing industry. It acts as a bridge between Brazilian suppliers and global markets, facilitating export activities and participation in major international trade fairs. The project is well-established with over a decade of experience and supports nearly 100 qualified Brazilian companies exporting to more than 90 countries. The website serves importers, manufacturers, distributors, and retailers in the furniture sector, providing information and contact channels to engage with Brazilian suppliers. Technically, the website is built on WordPress and leverages common plugins such as Contact Form 7, Yoast SEO, and GDPR compliance tools. It uses Google Analytics and Facebook Pixel for tracking and marketing automation via Mautic. The hosting provider is KingHost, and the SSL certificate is valid but lacks advanced security configurations like HSTS and security headers. Performance is relatively slow due to a large page size and many resources, but mobile optimization and SEO are adequately addressed. From a security perspective, the site implements basic protections including SSL and invisible reCAPTCHA on forms, along with a cookie consent mechanism aligned with GDPR requirements. However, it lacks explicit privacy policies, terms of service, security policies, and incident response information. No vulnerability disclosure or security.txt files were found. The overall security posture is moderate but could be improved with enhanced HTTP headers, DNSSEC, and published security documentation. Overall, Orchestra Brasil presents a professional and consistent online presence supporting Brazilian furniture industry exporters. Strategic improvements in security and compliance documentation would enhance trust and reduce risk exposure.

P

Prêmio Salão Design

salaodesign.com.br

0

Prêmio Salão Design operates a Brazilian-focused design award platform that integrates designers and industries through contests, virtual catalogs, and galleries. The website is built on WordPress with a mature technical stack including SEO optimization and multiple marketing and analytics tools. However, the site lacks a valid SSL certificate, which poses a significant security risk to users. While cookie consent mechanisms are implemented, no explicit privacy policy or terms of service pages were found, indicating compliance gaps. The site maintains partnerships with multiple industry organizations and sponsors, reflecting a solid market presence in the design sector.

R

RBA +

rba.com.br

0

Security assessment completed with an overall score of 50/100 (unknown risk). 12 high-priority issues should be addressed promptly. Total of 25 security findings identified across all modules.

A

AGIQON GmbH

agiqon-shopware.de

0

AGIQON GmbH is a specialized full-service Shopware agency based in Germany, focusing on B2B and medium-sized enterprises. They hold a strong market position as a Shopware Platinum Partner with extensive certifications and a portfolio of over 200 projects and 100 custom plugins. Their services encompass strategic consulting, technical implementation, and ongoing support for Shopware 6 e-commerce platforms. Technically, the website is built on HubSpot CMS with integrations for marketing and analytics tools such as Google Tag Manager and Facebook Pixel. However, the site currently suffers from critical security shortcomings including an invalid SSL certificate, lack of modern TLS protocols, and missing DNS security features like DNSSEC and DMARC. Despite these issues, the site demonstrates good privacy compliance with GDPR-aligned cookie consent mechanisms and a comprehensive privacy policy. The overall digital maturity is moderate with room for improvement in security and performance.

S

Ströer X GmbH

stroeer-x.de

0

Ströer X GmbH is a large German-based outsourcing partner specializing in dialog marketing, sales, and customer experience services. As part of the Ströer Group, it leverages the strength of a major corporation combined with the agility of a mid-sized service provider. The company offers a broad portfolio including customer service, digital transformation, social media management, and value-added services such as chat software and AI automation. Their market position is strong within media and related sectors, serving clients across multiple industries including e-commerce, energy, financial services, telecommunications, and tourism. Technically, the website is built on TYPO3 CMS and integrates modern marketing and analytics tools like Google Tag Manager, TikTok Pixel, and HubSpot forms, with GDPR-compliant cookie consent managed by Cookiebot. However, the site currently lacks a valid SSL certificate and modern TLS support, which is a critical security concern. Security policies such as SPF and DMARC are properly configured, but DNSSEC and other advanced DNS security measures are absent. Overall, the company demonstrates good digital maturity but needs to address fundamental security gaps to protect user data and maintain trust.

M

MMP Event GmbH

mmpevent.de

0

MMP Event GmbH is a medium-sized event agency operating as a 100% subsidiary of the Seven.One Entertainment Group in Germany. The company specializes in developing innovative event formats, managing event execution, marketing, and 360-degree communication, including TV event marketing and consulting in sports, media, and culture sectors. Their strong integration with the parent media group positions them uniquely to combine media and event marketing for maximum visibility and audience engagement. Technically, the website is built on WordPress using the Avada theme and Fusion Builder, with standard SEO and marketing tools such as Yoast SEO, Google Tag Manager, and UserCentrics CMP for cookie consent. However, the site suffers from an invalid SSL certificate and lacks advanced security configurations, which poses risks to user trust and data security. The company maintains GDPR compliance with a comprehensive privacy policy and cookie consent mechanism but lacks visible incident response or security policy documentation. Overall, the business is professionally presented with good content quality and consistent branding, but technical and security improvements are necessary to enhance trust and protect user data.

A

Associação Brasileira de Internet das Coisas

abinc.org.br

0

Associação Brasileira de Internet das Coisas (ABINC) is a Brazilian technology association focused on the Internet of Things (IoT) sector. It provides membership services including access to digital materials, event participation, brand exposure, and committee involvement. The organization targets IoT industry stakeholders and professionals primarily in Brazil. The website is built on WordPress with Elementor and integrates event calendars and cookie consent mechanisms, reflecting a moderate level of digital maturity. However, the site suffers from critical security weaknesses, notably the absence of a valid SSL certificate and lack of modern TLS protocols, which exposes visitors to security risks. While cookie consent is implemented, no explicit privacy or security policies are published, indicating compliance gaps. Overall, ABINC maintains a good content quality and user experience but requires urgent improvements in security posture to protect its users and enhance trust.

J

Johann Oberauer GmbH

medien-camp.com

0

Medien Camp is a well-established event platform focused on careers in the media industry, primarily targeting young talents and aspiring media professionals. The company operates under Johann Oberauer GmbH and organizes sessions, workshops, AMAs, career forums, and media tours to connect attendees with media professionals and provide insights into media careers. The website demonstrates strong SEO and content quality, supported by a professional design and consistent branding. Technically, the site is built on WordPress with modern performance optimizations but has room for improvement in security configurations such as DNSSEC, HSTS, and DMARC. The security posture is moderate with no critical vulnerabilities detected but lacks explicit security policies or incident response information. Overall, the site is trustworthy and professionally managed, with good privacy and cookie compliance.

H

Hi, I'm Tobias. | rixx.de

rixx.de

0

The website rixx.de serves as a personal hub for Tobias, an open source software author, conference speaker, and community organizer primarily in the technology sector. The site highlights his projects, blog posts, and involvement in events such as Chaos Communication Congress and DjangoCon Europe. The business model centers on personal branding and community engagement rather than commercial transactions. Technically, the site is built with standard web technologies including HTML, CSS, and JavaScript, with hosting provided by INWX. Performance is moderate, and SEO is well addressed through metadata, but mobile optimization and accessibility are basic. Security posture is weak due to the absence of a valid SSL certificate, lack of TLS support, missing security headers, and no DNSSEC. SPF is configured correctly, but other email authentication and security mechanisms are minimal. No privacy, cookie, or terms policies are published, and no contact information is explicitly provided on the site. Overall, the site is trustworthy for its niche audience but requires significant security and compliance improvements to enhance user trust and data protection.

W

WP-Network

wp-network.org

0

WP-Network is a non-profit association based in Austria that unites WordPress professionals, digital agencies, freelancers, and web developers primarily in the Austrian and DACH region. The organization offers networking opportunities through monthly WordPress meetups, an expert search platform, and a job board targeting WordPress-related roles. It is supported by sponsorships from recognized companies in the WordPress ecosystem and funded through membership fees and event revenues. The website is well-branded and professionally presented, targeting a niche community of WordPress professionals. Technically, the website is built on WordPress 6.8.1 using the Enfold theme and child theme customizations. It employs modern web technologies including jQuery, Font Awesome, and Matomo analytics for user tracking. The site is hosted with domaintechnik.at and uses structured data (JSON-LD) for SEO enhancement. However, the website suffers from a critical security weakness due to the absence of a valid SSL certificate and lack of HTTPS support, which undermines user trust and data security. From a security perspective, the site has implemented a GDPR-compliant cookie consent mechanism with detailed cookie categories and uses SPF records for email authentication. Nevertheless, it lacks essential security headers, modern TLS protocols, HSTS, and DMARC records. These gaps expose the site to potential risks such as data interception, phishing, and email spoofing. No explicit security policy, incident response contacts, or vulnerability disclosure statements are found. Overall, WP-Network is a valuable community resource with a solid business model and good digital maturity but requires urgent improvements in its security posture to protect its users and maintain trust. Strategic recommendations include immediate SSL certificate installation, enabling HTTPS, and implementing comprehensive security headers and email authentication policies.

W

Wake Creators

wakecreators.com.br

0

Wake Creators is a Brazilian technology company specializing in influencer marketing data and solutions. With a decade of experience, it holds a leading market position by maintaining the largest influencer database and leveraging AI and machine learning to optimize marketing campaigns. The company operates as part of the LWSA group and integrates into the broader Wake ecosystem, targeting brands, advertisers, and influencers. Technically, the website is built on WordPress using Oxygen Builder, hosted on AWS with DNS managed by Cloudflare. However, the site lacks a valid SSL certificate and modern TLS support, which poses significant security risks. The presence of SPF and DMARC records indicates some email security awareness, but the DMARC policy is permissive. Analytics usage is moderate with Google Analytics and Tag Manager implemented, but no cookie consent mechanism is present, which may impact privacy compliance. Overall, the site demonstrates moderate digital maturity with room for security and compliance improvements.

A

ABIMÓVEL - Associação Brasileira das Indústrias do Mobiliário

abimovel.com

0

ABIMÓVEL is a Brazilian industry association focused on representing and supporting the furniture manufacturing sector. The organization promotes export initiatives, sustainability programs, design integration, and regulatory compliance education to enhance the competitiveness of its members. The website serves as a portal for industry news, projects, and resources, targeting furniture manufacturers, designers, and exporters primarily in Brazil but with international outreach. Technically, the website is built on WordPress with Elementor and various Jet plugins, hosted on Locaweb infrastructure. However, the site lacks a valid SSL certificate and modern TLS support, which undermines its security posture. There are no visible privacy or cookie policies, and no formal security or incident response policies are published. Social media presence and contact forms indicate active engagement and data collection, but privacy compliance appears minimal. Overall, the site is professionally designed but requires significant security and compliance improvements to meet modern standards.

S

Sindmóveis Bento Gonçalves

sindmoveis.com.br

0

Sindmóveis Bento Gonçalves is a well-established industry union representing the furniture manufacturing sector in Bento Gonçalves, Brazil, since 1977. The organization plays a pivotal role in fostering development within the local and national furniture industry by providing a range of services including labor area support, digital certification, training, sector data, international committees, projects, and trade fairs. Their market position is significant within the manufacturing sector, supported by partnerships with key industry players and active engagement in events and communications. The website reflects a medium-sized entity with consistent branding and good content quality aimed at industry stakeholders and associated members. Technically, the website is built on WordPress with a custom theme and employs various modern web technologies such as lazy loading, Google Analytics, Google Tag Manager, Facebook Pixel, and reCAPTCHA for security. Hosting is provided by KingHost, and the site uses a valid SSL certificate, although some SSL metadata appears unusual. Performance is currently slow due to large page size and load times, but mobile optimization and SEO are handled well. Security practices include spam protection and SPF records for email, but lack advanced HTTP security headers and DNSSEC. From a security perspective, the site demonstrates basic to moderate maturity with valid SSL, anti-spam measures, and GDPR cookie consent mechanisms. However, it lacks explicit privacy and terms of service pages, security policies, incident response contacts, and vulnerability disclosure information. There is room for improvement in security headers, HSTS enforcement, and DNS security. Overall, the site is trustworthy and professional but would benefit from enhanced security and compliance documentation. Strategically, Sindmóveis should focus on improving website performance, implementing comprehensive security headers, publishing clear privacy and terms policies, and enhancing incident response readiness to strengthen trust and compliance with evolving data protection regulations.

I

interneX GmbH

internex.de

0

interneX GmbH is a small German company with a basic online presence primarily providing legal and contact information on its website. The company’s market position and detailed business services are not explicitly described, indicating a limited digital footprint. The website is minimalistic, with no advanced content or interactive features, targeting a general audience likely within Germany. Technically, the site is hosted on kasserver.com using Apache with HTTP/2 support and basic CSS styling. Performance is fast, but mobile optimization and accessibility are basic. Security posture shows support for modern TLS protocols without known vulnerabilities, but lacks advanced security headers such as HSTS and OCSP stapling. DNSSEC and DMARC are not implemented, which could expose the domain to DNS and email spoofing risks. Overall, the security score is moderate with room for improvement in compliance and best practices. The website does not include privacy or cookie consent mechanisms, which may impact GDPR compliance. Contact information is clearly provided, but no email addresses or social media links are present. Strategic recommendations include enhancing HTTPS security, implementing DNS and email protections, publishing a vulnerability disclosure policy, and improving privacy compliance to build trust and reduce risk.

P

pressi.com.br

pressi.com.br

0

The website pressi.com.br currently presents an empty HTML page with no visible content, metadata, or business information. The domain is registered and DNS records are configured with valid A, MX, and NS records, but lacks DNSSEC and CAA security enhancements. The SSL certificate is invalid or missing, resulting in no HTTPS support and exposing the site to potential interception risks. No privacy, cookie, or security policies are published, and no contact or business details are available on the site. The technical infrastructure appears minimal and outdated, with no modern web technologies or analytics detected. Overall, the site exhibits a very low digital maturity and security posture, with significant gaps in compliance and user trust factors.

S

Sebastian Gepperth

rash.codes

0

The website rash.codes represents a personal brand and portfolio of Sebastian Gepperth, a software developer and designer specializing in open source projects and freelance coding services. The site targets developers and potential clients interested in modern web technologies and open source contributions. The business model revolves around personal branding and showcasing expertise to attract freelance opportunities. Technically, the site uses a modern frontend stack including Vue.js and Vitepress, hosted on a Hetzner server. However, the site lacks a valid SSL certificate and does not implement HTTPS, which is a significant security concern. DNS records show partial email security with SPF and DMARC configured, including an abuse contact email for incident reporting. Overall, the security posture is weak due to missing TLS, HSTS, and DNSSEC, exposing the site to potential interception and spoofing risks. Strategic improvements in SSL deployment and security policies are recommended to enhance trust and compliance.

S

Saulės spektras, UAB

info.lt

0

Info.lt is a comprehensive Lithuanian business directory platform operated by Saulės spektras, UAB. It offers extensive company listings, categorized business sectors, user reviews, job postings, and advertising opportunities, positioning itself as a leading resource for business information in Lithuania. The website targets both businesses and consumers seeking detailed company data and related services. Technically, the site employs standard web technologies including Google Analytics, Google Tag Manager, jQuery UI, and CKEditor, hosted likely by Hostex. Performance is moderate with good mobile optimization and SEO practices. Security posture is adequate with a valid SSL certificate and SPF records, but lacks advanced security headers, DNSSEC, and CAA records. Privacy and cookie policies are comprehensive and GDPR compliant, with an implemented cookie consent mechanism. Overall, the platform demonstrates a mature digital presence with room for security enhancements.

B

Bayern Innovativ

bayern-innovativ.de

0

Bayern Innovativ is a publicly commissioned innovation support organization based in Bavaria, Germany, established in 1995. It focuses on fostering innovation by connecting businesses, research institutions, and organizations through networks, services, and events. The organization supports the entire innovation lifecycle, from idea development to market introduction, with a strong emphasis on sectors such as energy, transportation, healthcare, manufacturing, and creative industries. Their market position is well-established as a key facilitator of innovation in the Bavarian economy. Technically, the website is built on TYPO3 CMS and incorporates modern web technologies including Bootstrap, jQuery, and various third-party services such as ReadSpeaker for accessibility and Google Tag Manager for marketing analytics. The site demonstrates good mobile optimization and accessibility features, though performance is somewhat slow with a high load time and resource count. From a security perspective, the site supports TLS 1.3 and 1.2 with no known SSL vulnerabilities, but lacks advanced security headers like HSTS and DNSSEC. Cookie consent mechanisms are implemented comprehensively, supporting GDPR compliance. Certifications such as ISO 37301 and audit badges enhance trustworthiness. However, no explicit security or incident response policies are publicly available. Overall, Bayern Innovativ presents a professional and trustworthy digital presence with room for improvement in security hardening and performance optimization. Strategic enhancements in these areas would strengthen their security posture and user experience.

J

Johann Oberauer GmbH

campaigngermany.de

0

Campaign Germany is a well-established German media service focused on delivering daily industry news and insights for the advertising, marketing, and media sectors. The website offers subscription services, newsletters, job listings, and advertising opportunities, targeting professionals within the German media industry. The company operates under Johann Oberauer GmbH and maintains a consistent brand presence with a good quality content offering. Technically, the site is built on the Newsroom CMS and uses technologies such as nginx, Google Tag Manager, and Google Publisher Tags for advertising. However, the site lacks a valid SSL certificate and modern TLS support, which significantly impacts its security posture. While privacy policies and terms of service are present and GDPR compliant, there is no cookie consent mechanism implemented. The site uses standard security headers but misses advanced protections like HSTS and DNSSEC. Overall, the website demonstrates moderate trustworthiness and professionalism but requires urgent security improvements to protect user data and enhance compliance.

爱

爱跨境123

ikj123.com

0

爱跨境123 is a Chinese-language online platform focused on providing a comprehensive collection of resources, tools, and links for cross-border e-commerce and social media marketing. It serves as a curated directory for various e-commerce platforms, marketing tools, proxy services, and social media resources, targeting cross-border industry operators and advertising optimizers. The site positions itself as a valuable hub for learning and accessing essential tools for overseas traffic promotion and marketing. Technically, the website runs on nginx with PHP 7.2.33, but lacks proper SSL/TLS configuration, exposing it to security risks. It uses Baidu analytics for tracking but does not implement visible privacy or cookie policies, which may raise compliance concerns. The security posture is basic with no modern HTTPS support or advanced security headers. Overall, the site offers rich content and useful external links but requires significant improvements in security and privacy compliance to enhance trust and protect users.

H

Haoqq导航

mcds.com

0

Haoqq导航 operates as a specialized navigation portal tailored for Amazon global sellers and cross-border e-commerce practitioners. It aggregates and provides access to a wide range of resources including keyword tools, ERP systems, forums, media outlets, logistics, payment solutions, and educational platforms. The website targets primarily Chinese-speaking Amazon sellers and cross-border merchants, positioning itself as a comprehensive resource hub to bridge information gaps among sellers. Technically, the site runs on an nginx server with PHP 5.6.30, employs Google Analytics and Tag Manager for tracking, and uses a responsive design framework likely based on Bootstrap. However, the SSL certificate is invalid and mismatched, and no modern TLS protocols are enabled, indicating a weak security posture. No privacy, cookie, or terms of service policies are present, and no contact information is disclosed, which may impact user trust and compliance. The site heavily relies on external affiliate and partner links, integrating multiple third-party tools and services. Strategic improvements in security, compliance, and transparency are recommended to enhance trust and protect user data.

N

NORGATE.LV SIA

norgate.lv

0

The website exhibits a weak overall security posture with critical gaps in privacy compliance, security headers, and core security policies. There is a critical GDPR compliance failure due to the absence of privacy and cookie policies, as well as no cookie consent mechanism, exposing the business to regulatory and reputational risks in the EU market. Security headers are largely missing, increasing vulnerability to common web-based attacks such as clickjacking, cross-site scripting, and data injection. The SSL/TLS configuration is suboptimal with weak keys and impending certificate expiration, risking data interception and trust issues. Absence of a formal information security framework, incident response plan, and security documentation further increases operational risks and slows incident handling. Exposure of high-risk services like FTP and lack of DNSSEC can be exploited by attackers to gain unauthorized access or manipulate traffic. While email security and DNS health scores are relatively better, they still require improvements to prevent spoofing and domain abuse. Overall, the website is at high risk for security breaches, non-compliance fines, and damage to customer trust unless prompt remediation occurs.

O

o2

o2.de

0

This website has 9 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

S

Superfund Towarzystwo Funduszy Inwestycyjnych S.A.

superfund.pl

0

The website's overall security posture is currently weak, with critical gaps in privacy compliance, security headers implementation, and incident response readiness. The lack of fundamental security headers such as Strict-Transport-Security and Content-Security-Policy exposes the site to man-in-the-middle attacks and cross-site scripting risks. GDPR compliance is severely lacking, with no privacy policies or cookie consent mechanisms, placing the business at high regulatory and reputational risk, especially as it operates in the EU. The absence of an information security framework and incident response procedures under NIS2 requirements further increases vulnerability to targeted cyberattacks and potential operational disruptions. Email security is moderate but incomplete, increasing the risk of phishing and spoofing. Although SSL/TLS and DNS configurations are relatively stronger, issues like imminent certificate expiration and missing DNSSEC weaken the trust chain. High-risk network exposures, such as an open FTP service, compound the overall risk. Immediate remediation is critical to safeguard customer data, maintain compliance, and protect brand reputation.

This website has 6 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 4 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 3 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 4 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 7 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 6 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 4 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 4 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 2 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 3 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 4 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 4 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 4 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 4 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 4 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

U

University Sesame

universitesesame.com

0

The website's security posture is currently weak and exposes the business to significant risks, including data breaches, regulatory non-compliance, and reputational damage. Critical issues such as the absence of HTTPS encryption and lack of email authentication mechanisms put sensitive data and communications at risk of interception and spoofing. The failure to implement GDPR requirements, including missing privacy and cookie policies and consent mechanisms, may lead to legal penalties and loss of customer trust. Additionally, the lack of a formal information security framework, incident response, and business continuity plans highlights an immature security governance environment. While network security measures appear strong, the overall ecosystem is vulnerable due to foundational security gaps. Immediate remediation is necessary to safeguard business operations, comply with regulations, and maintain customer confidence. The current module scores, especially for GDPR and NIS2 compliance, indicate urgent attention is required to align with industry standards and legal obligations.

P

Panerai

panerai.com

0

The website exhibits a severely weak security posture, with multiple critical vulnerabilities primarily around encryption and regulatory compliance. The absence of HTTPS encryption is a critical risk that undermines data confidentiality and integrity, exposing users to potential data interception and man-in-the-middle attacks. Compliance with GDPR and NIS2 requirements is significantly lacking, which poses legal and reputational risks for the business. Security headers are inadequately configured, increasing exposure to common web-based attacks. While network security and email security show relatively better scores, foundational SSL/TLS protections are missing. The lack of documented security policies, incident response, and vulnerability disclosure processes indicates immature security governance. Overall, the site is vulnerable to data breaches, regulatory penalties, and loss of customer trust. Immediate remediation is essential to protect sensitive data and comply with legal frameworks.