Is gramax.ai Safe? Security Analysis for GRAMAX Cybertech Pvt. Ltd.
Check if gramax.ai is a scam or legitimate. Free security scan and reviews.
AI Summary
GRAMAX Cybertech Pvt. Ltd. is a cybersecurity services and solutions provider specializing in protecting critical infrastructure such as airports, power plants, and utilities. The company leverages expertise in converged cyber, physical, and edge computing security to deliver integrated cyber defense and risk management services. Their market position is that of a specialized firm with strong partnerships and a focus on critical infrastructure sectors. The website reflects a professional and consistent brand image with clear navigation and relevant content targeting enterprise clients. Technically, the website is built on Drupal 9 with Bootstrap and jQuery, hosted with GoDaddy and using Cloudflare DNS. It employs New Relic for monitoring and Google Analytics for tracking. The site is mobile-optimized and performs moderately well, with good SEO and accessibility basics. Security posture is solid with HTTPS enforced and domain protections, though DNSSEC is not enabled and some security policies are not explicitly published. Security-wise, the site follows best practices such as HTTPS and domain status protections but lacks explicit incident response contacts and vulnerability disclosure policies. Privacy compliance is basic with privacy and cookie policies present but no explicit consent mechanism. The domain is recently registered with privacy protection, consistent with the company's founding date and business model. Overall, the website is professional, trustworthy, and suitable for its target audience, with recommendations to enhance DNS security, privacy compliance, and incident response transparency to further strengthen its security posture and user trust.
Detected Technologies
🧠AI Business Intelligence
Technology stack, business insights, and market analysis powered by AI.
Business Intelligence
Market & Strategic Analysis
GRAMAX operates in the cybersecurity sector focusing on critical infrastructure protection, leveraging its parent company GMR Group's legacy in airports and power plants. The company offers a range of services including integrated cyber defense, vulnerability and risk management, identity governance, cloud security, IoT/OT security, and digital forensics. Their partnership ecosystem includes major cybersecurity vendors such as CrowdStrike, Fortinet, and Palo Alto Networks, enhancing their market credibility. The business model centers on providing end-to-end cybersecurity solutions to enterprise clients in energy and transportation sectors. Growth indicators include recent domain registration and active content updates. The company targets enterprises requiring robust cyber risk management, positioning itself as a trusted partner with specialized expertise.
Security Posture Analysis
Comprehensive Security Assessment
The website demonstrates a mature security posture with HTTPS enforced, domain registration protections (clientDeleteProhibited, etc.), and use of reputable DNS providers (Cloudflare). However, DNSSEC is not enabled, which is a recommended best practice to prevent DNS spoofing. The absence of a published security policy or incident response contact reduces transparency and may impact trust for security-conscious clients. Privacy policies exist but lack explicit cookie consent mechanisms, which could be improved for GDPR compliance. No vulnerabilities or exposed sensitive data were detected in the content. Overall, the security posture is good but can be enhanced by enabling DNSSEC, publishing incident response details, and improving privacy compliance.
Strategic Recommendations
Priority Actions for Security Improvement
Enable DNSSEC on the domain to enhance DNS security and prevent spoofing attacks.
✨Observations
AI-powered comprehensive website and business analysis.
AI-Enhanced Website Analysis
Business Insights
GRAMAX Cybertech Pvt. Ltd.
Gramax Cybersec provides cybersecurity services & solutions to protect enterprises from cyber threats. They specialize in end-to-end cyber risk management for critical infrastructure such as airports, power, and utilities.
good
consistent
Technical Stack
moderate
good
basic
good
Security Assessment
- HTTPS enforced
- Domain status includes clientDeleteProhibited and other EPP protections
- Use of Cloudflare DNS servers
Analytics & Tracking
Advertising & Marketing
Website Quality Assessment
Key Observations
Website is professionally designed with clear navigation and good content.
🛡️Security Headers
HTTP security headers analysis and recommendations.
Security Headers
HTTP security headers analysis
Missing X-Frame-Options header
HIGHPrevents clickjacking attacks
Weak X-Content-Type-Options configuration
LOWCurrent value: "nosniff, nosniff, nosniff"
Missing Content-Security-Policy header
HIGHControls resources the browser is allowed to load
Weak Referrer-Policy configuration
LOWCurrent value: "strict-origin, same-origin"
Sensitive data may be cached
LOWCache-Control header should include "no-store" for sensitive pages
👤GDPR Compliance
Privacy and data protection assessment under GDPR regulations.
GDPR Compliance
Privacy and data protection assessment
No Cookie Consent Banner found
HIGHGDPR requires explicit consent for non-essential cookies
No Data Protection Officer mentioned
LOWLarge organizations may need to designate a DPO under GDPR
Privacy policy may not be GDPR compliant
MEDIUMPrivacy policy lacks explicit GDPR compliance elements
GDPR Compliance Analysis
🛡️NIS2 Compliance
Network & Information Security Directive compliance assessment.
NIS2 Compliance
Network & Information Security Directive
No vulnerability disclosure policy
MEDIUMNIS2 encourages coordinated vulnerability disclosure
No business continuity planning found
MEDIUMNIS2 emphasizes operational resilience and business continuity
No security contact information
HIGHNIS2 requires clear incident reporting channels
No vulnerability reporting mechanism
MEDIUMClear vulnerability reporting supports coordinated disclosure
No NIS2 reference found
LOWConsider explicitly mentioning NIS2 compliance efforts
📧Email Security
SPF, DKIM, and DMARC validation and email security assessment.
Email Security
SPF, DKIM, and DMARC validation
No DKIM record found
MEDIUMDKIM adds cryptographic signatures to emails
No BIMI Record
LOWBIMI displays brand logos in email clients
No MTA-STS Policy
MEDIUMMTA-STS enforces TLS for email delivery
No TLS-RPT Record
LOWTLS-RPT provides reporting for email TLS issues
No email authentication configured
CRITICALDomain is vulnerable to email spoofing
🏆SSL/TLS Security
Certificate validity and encryption analysis.
SSL/TLS Security
Certificate validity and encryption analysis
Weak Protocols Supported
HIGHServer supports weak protocols: TLSv1.1
OCSP Stapling Not Enabled
LOWOCSP stapling improves performance and privacy
Certificate Transparency Not Implemented
LOWCertificate is not logged in Certificate Transparency logs
SSL Certificate Expires Within 90 Days
MEDIUMSSL certificate expires in 39 days
Partial SSL/TLS Assessment
LOWCompleted 3 of 4 security checks due to time constraints
Protocol Support
OCSP Status
📊DNS Health
DNS configuration and security assessment.
DNS Health
DNS configuration and security assessment
DNSSEC Not Enabled
MEDIUMDNSSEC is not configured for this domain
CAA Records Not Configured
LOWCertificate Authority Authorization (CAA) records not found
No DMARC Record
MEDIUMDMARC policy not configured
Domain Registration Details
- •Privacy/proxy registration detected
DNS Records
DNSSEC Status
DNS Performance
⚡Network Security
Port scanning and network exposure analysis.
Network Security
Port scanning and network exposure analysis
Good Network Security Posture
LOWNo unnecessary services detected on common risky ports
🔧Technical Analysis
Detailed technical findings and analysis from AI assessment.
Technical Analysis
Comprehensive security assessment findings