Security Directory

K

KARL DEUTSCH Prüf- und Messgerätebau GmbH + Co KG

karldeutsch.de

40

KARL DEUTSCH Prüf- und Messgerätebau GmbH + Co KG is a medium-sized German manufacturing company specializing in nondestructive testing equipment, including ultrasonic, magnetic particle, and penetrant testing devices. Founded in 1949, the company has established a strong international market presence with a broad product portfolio and recognized brands. The website is built on WordPress with a professional design and clear navigation, supporting multilingual content in German and English. However, the site currently lacks a valid SSL certificate, exposing it to security risks and impacting trustworthiness. While cookie consent mechanisms and privacy policies are well implemented, the absence of HTTPS and security headers are critical vulnerabilities that need urgent attention. Contact information and social media presence are comprehensive, supporting business credibility.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 7 security findings identified across all modules.

K

Klar Webagentur GmbH

klar-webagentur.ch

40

Klar Webagentur GmbH is a Swiss-based digital agency specializing in web design, web development, content production including photography and video, and online marketing services targeted primarily at Swiss small and medium-sized enterprises (KMU) and organizations. The company positions itself as a provider of clear, practical web solutions that help clients achieve their digital goals efficiently. Their website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the website is built on Joomla CMS and leverages modern JavaScript libraries such as jQuery and GSAP, along with Mapbox for map integration. The site uses Google Analytics and Google Tag Manager for analytics and marketing purposes. Hosting appears to be managed via sui-inter.net nameservers. Performance is somewhat slow due to a large page size and many resources, but mobile optimization is good. From a security perspective, the site uses HTTPS with TLS 1.3 and 1.2 protocols and has valid SPF and DMARC DNS records, although DMARC is set to a non-enforcing policy. There is no HSTS enabled, no DNSSEC, and no OCSP stapling, which are areas for improvement. No explicit security or incident response policies are published on the site. Cookie consent is implemented with a banner and opt-in mechanism, but GDPR compliance indicators are basic. Overall, the website is functional, professional, and credible but could benefit from enhanced security configurations and improved performance. Strategic recommendations include enabling HSTS, improving DMARC policy, implementing DNSSEC, and optimizing page load times to strengthen security posture and user experience.

C

CERTQUA GmbH

certqua.de

40

CERTQUA GmbH is a medium-sized German certification body specializing in certifications and accreditations for education and labor market organizations, including ISO 9001, ISO 21001, and AZAV. Founded in 1994, it holds accreditations under ISO 17021 and ISO 17065 and offers a comprehensive range of services including certification, training seminars, and a digital service center platform. The website is professionally designed, content-rich, and well-structured, targeting education providers and related stakeholders. Technically, the site uses modern web technologies and is hosted on Hetzner, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS and valid certificates but lacks some best practices such as HSTS, OCSP stapling, DMARC, and DNSSEC. Privacy compliance is well addressed with clear cookie consent and privacy policies. Contact information and social media presence enhance business credibility. Overall, the site reflects a mature digital presence with room for security improvements.

J

Just a moment...

crunchboard.com

30

The website crunchboard.com is currently inaccessible due to a Cloudflare security challenge page that blocks access to actual content. The page served is a minimal interstitial requiring JavaScript and cookies to proceed, indicating a WAF protection mechanism is active. No business-related content, metadata, or contact information is available for analysis. The SSL configuration is basic with HTTPS enabled but lacks advanced features such as HSTS and OCSP stapling. DNSSEC is disabled and CAA records appear malformed. The site uses Cloudflare for hosting and security, with Cloudflare Insights for minimal analytics. Due to the blocking, the overall content quality and business credibility cannot be assessed, resulting in a low AI score. Strategic recommendations include disabling or properly configuring the WAF challenge for public access, adding privacy and cookie policies, and publishing business contact information to improve trust and compliance.

S

StrictlyVC, LLC

strictlyvc.com

63

StrictlyVC, LLC is a specialized media company providing venture capital news, events, and podcasts primarily targeting Silicon Valley and broader tech industry professionals. Acquired by Yahoo, Inc., it leverages a WordPress-based platform integrated with modern marketing and analytics tools such as MailerLite and Parsely. The website offers a rich content experience with multimedia elements and a newsletter subscription form protected by Google reCAPTCHA. Technically, the site uses Cloudflare for DNS and likely CDN services, supports modern TLS protocols, but lacks some advanced security configurations such as HSTS and proper CAA records. Privacy and terms are governed by Yahoo's legal framework, ensuring compliance with GDPR and other regulations. Overall, the site is professional and trustworthy but could improve its security posture and cookie consent mechanisms.

C

Christian Doppler Laboratory CDL-BOT

cdl-bot.at

40

The Christian Doppler Laboratory CDL-BOT is a research-focused institution specializing in blockchain technologies for the Internet of Things. It operates as a collaboration between academic institutions TU Hamburg and TU Wien, supported by Austria's Federal Ministry for Digital and Economic Affairs and industrial partners such as Pantos and the IOTA Foundation. The laboratory aims to advance Distributed Ledger Technologies to be practical and effective for IoT applications, including secure data exchange and payment mechanisms. The website reflects a professional research entity with clear academic and industrial partnerships but lacks direct contact information and comprehensive privacy or security policies. Technically, the website is built using modern web technologies including React and Next.js, providing a good user experience and mobile optimization. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. The DNS setup is standard but lacks advanced security features such as DNSSEC and CAA records. Performance is moderate with a page load time of approximately 4 seconds. Security-wise, the site does not implement essential best practices such as HTTPS, HSTS, or security headers, and lacks vulnerability disclosure or incident response information. Privacy compliance is minimal with a basic privacy policy present but no cookie consent mechanism or GDPR compliance statements. Overall, the site is functional and informative but requires urgent improvements in security and privacy to meet modern standards. Strategic recommendations include immediate deployment of a valid SSL certificate, enabling HTTPS, implementing security headers, adding cookie consent mechanisms, and publishing comprehensive security and privacy policies to enhance trust and compliance.

O

on-geo GmbH

lora.de

40

on-geo GmbH operates a suite of geospatial data service portals including LORA and Geoport, targeting professional users in real estate and related sectors primarily in Germany. The website serves as a secure login gateway for multiple branded services, providing access to geospatial data, consulting, and training. The technical infrastructure is based on Microsoft technologies with ADFS for authentication, delivering a fast and functional user experience with basic mobile optimization. Security posture is strong with HTTPS, modern TLS protocols, and multiple security headers, though improvements are recommended in HSTS configuration and email domain security. Privacy compliance is partial with a privacy policy present but lacking cookie consent mechanisms. Overall, the site demonstrates good business credibility and technical maturity with room for enhancements in privacy and security best practices.

1

11FREUNDE

11freunde.de

40

11FREUNDE is a well-established German digital magazine focused on football culture, providing comprehensive news, live tickers, video content, and subscription services. The website demonstrates a mature digital infrastructure with modern JavaScript frameworks, responsive design, and extensive content catering to football enthusiasts. However, the absence of a valid SSL/TLS certificate significantly impacts the site's security posture, exposing users to potential risks. While privacy and cookie policies are comprehensive and GDPR compliant, the lack of HTTPS and related security best practices are critical vulnerabilities. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

R

relxchat.link

relxchat.link

30

The website relxchat.link currently presents no accessible content, metadata, or business information, indicating it is likely blocked by a Cloudflare Web Application Firewall or similar security mechanism. The DNS records and hosting provider confirm Cloudflare usage, but the site returns a minimal HTML skeleton with no visible content or scripts. The SSL certificate is valid but lacks detailed configuration information, and no security headers or policies are implemented. Due to the lack of accessible content, no privacy, cookie, or terms of service policies are found, and no contact or business information is available. This severely limits the ability to assess the business model, market position, or services offered. The overall digital maturity appears very low with poor SEO, accessibility, and user experience.

R

relxcutt.link

relxcutt.link

30

The website relxcutt.link currently presents no accessible content, metadata, or business information, indicating it is either under construction or blocked by security mechanisms. The domain is hosted behind Cloudflare with valid but suspicious SSL certificate details and no security headers or DNS security extensions enabled. This results in a low security posture and poor technical implementation. No privacy, cookie, or terms of service policies are present, and no contact or business details can be extracted. Overall, the site is not functional or informative at this time, severely limiting any meaningful business or security assessment.

L

Lagutogel

rinconolon.com

40

Lagutogel operates as an online platform providing live Hong Kong lottery results and related data, targeting Indonesian lottery players and enthusiasts. The website positions itself as a trusted source for accurate and timely lottery information, supplemented by affiliate links for registration and login to gambling services. Technically, the site leverages AMP technology for optimized mobile performance and is hosted behind Cloudflare, ensuring basic content delivery and security. However, the SSL certificate validity dates appear unusual, and no advanced security headers or email authentication mechanisms like DMARC are implemented. Privacy compliance is minimal, with no visible privacy or cookie policies, which may pose regulatory risks. Overall, the site delivers relevant content with moderate technical maturity but lacks comprehensive security and privacy safeguards.

U

UCSfm

ucsfm.com.br

39

UCSfm is a regional radio station affiliated with the Universidade de Caxias do Sul, serving the Serra Gaúcha region in Brazil with music, news, and cultural content. The website is built on WordPress and uses common plugins such as Revolution Slider and Contact Form 7, indicating a standard digital infrastructure. The site actively publishes news articles and maintains community engagement through streaming links and social sharing tools. However, the lack of a valid SSL certificate and absence of HTTPS significantly weaken the security posture. The presence of a cookie consent banner and privacy policy shows some privacy awareness, but GDPR compliance is not evident. Overall, the site is functional and moderately professional but requires urgent security improvements to protect user data and enhance trust.

H

Hospital Geral de Caxias do Sul

hgcs.com.br

46

Hospital Geral de Caxias do Sul is a large healthcare institution in Brazil providing a comprehensive range of medical services including oncology, radiotherapy, intensive care, and specialized treatments. The hospital is a regional reference in high complexity care and is accredited by the ONA, reflecting its commitment to quality and safety. The website serves patients, healthcare professionals, and the local community, also offering educational programs such as medical residency and permanent education. Technically, the site uses a modern tech stack including Apache server, Laravel framework, and various JavaScript libraries for UI and analytics. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Security headers are minimal, and no privacy or cookie policies are found, indicating compliance gaps. The site includes multiple contact phone numbers, a physical address, and social media links, enhancing business credibility. Overall, the website is functional and content-rich but requires urgent improvements in security and privacy compliance to protect users and enhance trust.

U

Uniftec Online

unifteconline.com.br

40

Uniftec Online is a well-established Brazilian educational institution offering a broad portfolio of courses including undergraduate, postgraduate, technical, and extension programs, primarily delivered via online (EAD) and in-person modalities. The institution operates multiple campuses and learning centers across Brazil, supported by a robust digital infrastructure leveraging modern web technologies such as Next.js, React, and Material-UI, hosted on Amazon AWS. The website demonstrates a professional design with comprehensive course information and clear navigation, targeting students seeking flexible and diverse educational opportunities. Security posture is adequate with HTTPS enabled and no critical vulnerabilities detected, though improvements in SSL configuration and DNS security are recommended. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks explicit cookie consent mechanisms and GDPR compliance indicators. Overall, the website reflects a mature digital presence with room for technical and security enhancements to further strengthen trust and compliance.

P

Polyuni

polyuni.com.br

66

Polyuni is a Brazilian educational institution focused on providing innovative and immersive learning experiences aligned with national educational standards (BNCC). The institution emphasizes scientific inquiry, creativity, and a hybrid digital-physical learning environment, targeting students and parents seeking modern education solutions. The website reflects a medium-sized organization with a solid regional presence and recognition for innovation in education. Technically, the website is built on modern frameworks such as Next.js and Material-UI, hosted on AWS infrastructure, but suffers from slow load times and lacks some advanced SEO and accessibility features. Security posture is good with proper SSL/TLS configuration and SPF records, though improvements like HSTS, DMARC, and OCSP stapling are recommended. Privacy compliance is basic with a privacy policy and cookie consent banner present, but no explicit GDPR compliance indicators or terms of service. Overall, the website is professional and trustworthy but could benefit from performance and security enhancements.

C

Centro Educacional Mutirão

mutirao.com.br

68

Centro Educacional Mutirão is a well-established educational institution in Brazil with over 40 years of experience, specializing in technical courses, adult education (EJA), and preparatory courses for public exams and ENEM. The institution holds recognized certifications and operates multiple units across several cities, serving a broad audience of young and adult learners seeking professional and academic advancement. Technically, the website is built on modern frameworks like Next.js and React, hosted on AWS infrastructure, and integrates various marketing and analytics tools. Security posture is solid with strong SSL/TLS configurations and valid SPF/DMARC records, though improvements like enabling HSTS and DNSSEC are recommended. Privacy policies are comprehensive but lack explicit cookie consent mechanisms. Overall, the website is professional, content-rich, and trustworthy, though performance optimization could be enhanced.

S

Sof.IA

sofia.vc

40

Sof.IA is a Brazilian technology company offering an AI-powered personal assistant accessible via WhatsApp. The service integrates multiple AI platforms such as ChatGPT, OpenAI, Google, and Microsoft to provide features including image generation, translations, mathematical solutions, and audio-based Q&A. The business model is credit-based with free trial credits and paid packages, targeting smartphone users seeking practical AI assistance. Technically, the website is built on WordPress with Elementor and related plugins, hosted on AWS infrastructure. However, the site suffers from slow performance and lacks a valid SSL certificate, exposing users to security risks. Security posture is weak with no HTTPS, no security headers, and missing DNS security records. Privacy compliance is poor, with no privacy or cookie policies despite collecting user data via forms. Contact information is available via email and contact forms, but no formal security or incident response policies are found. Overall, the site is functional but requires significant improvements in security and privacy to enhance trust and compliance.

U

Uniftec

uniftec.com.br

52

Uniftec is a well-established educational institution in Brazil offering a wide range of courses including undergraduate, postgraduate, technical, and extension programs. It operates both online and through multiple physical campuses across various states in Brazil, targeting students seeking professional and academic development. The website reflects a mature digital presence with a modern tech stack including Next.js and Material-UI, hosted on AWS infrastructure. However, the absence of a valid SSL certificate and HTTPS implementation significantly undermines the security posture of the site. While SPF is configured for email security, the lack of DMARC and other security headers exposes potential risks. Privacy compliance is partially addressed with a comprehensive privacy policy, but cookie consent mechanisms and GDPR compliance indicators are missing. Overall, the site provides rich content and good user experience but requires urgent security improvements to protect user data and enhance trust.

I

iF Design

ifdesign.com

71

iF Design is a globally recognized organization that hosts the prestigious iF DESIGN AWARD, established in 1953. The company operates a comprehensive digital platform showcasing award winners, design trends, and community engagement for designers, architects, and companies worldwide. Their market position is strong within the design industry, offering key services such as design competitions, trend reports, and networking opportunities. Technically, the website is built on modern React and Gatsby frameworks, hosted on Microsoft Azure, with a valid SSL certificate and standard security configurations. However, performance is somewhat slow, and security headers could be enhanced. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates a professional and trustworthy presence with moderate tracking and marketing tools integrated.

D

Design For a Better World

dfbwaward.com

40

Design For a Better World is a Brazilian award platform that celebrates design initiatives promoting positive social and environmental impact. The website showcases award categories, jury members, past winners, and partner organizations. It is built on WordPress with Elementor and uses Yoast SEO for optimization. The technical infrastructure is moderate but suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. The security posture is weak due to missing HTTPS, lack of security headers, and absence of email authentication records like DMARC. Privacy compliance is minimal, with no visible privacy or cookie policies. Contact information and social media presence are clearly provided, supporting business credibility. Overall, the site is content-rich and professionally designed but requires urgent security and privacy improvements.

P

Página inacessível

apprbs.com.br

30

The website apprbs.com.br currently serves a minimal 'Página inacessível' (Page inaccessible) message with no accessible business content or user interaction features. The DNS configuration shows hosting on Google Cloud infrastructure and email services via Google Workspace with SPF records including Elastic Email. However, the site lacks a valid SSL certificate and does not support HTTPS, representing a critical security vulnerability. No privacy, cookie, or terms of service policies are present, and no contact information or forms are available, indicating the site is either down, under maintenance, or improperly configured. From a technical perspective, the site uses basic HTML5 and CSS with JSON-LD structured data indicating the domain name but no further business details. Performance is moderate but limited by minimal content. SEO is poor due to a malformed robots meta tag set to noindex and lack of metadata. Accessibility and mobile optimization are basic at best. Security posture is weak with no HTTPS, no security headers, no HSTS, and a DMARC policy set to none, exposing the domain to email spoofing risks. No WAF or security challenge was detected, but the site is effectively inaccessible to users. Overall, the site scores very low on content quality, technical implementation, security, privacy compliance, and business credibility. Strategic recommendations include immediate installation of a valid SSL certificate, enabling HTTPS, improving security headers and policies, publishing privacy and cookie policies, and restoring accessible business content to improve trust and compliance.

4

4ED

4ed.com.br

64

4ED is a Brazilian design school offering a wide range of online and in-person courses across various design disciplines including graphic, interior, fashion, product, and more. Established in 2011 and based in Porto Alegre, it serves students, professionals, and corporate clients with a comprehensive educational model. The website reflects a mature digital presence with extensive content, clear navigation, and strong branding. Technically, the site is built on WordPress with Elementor and WooCommerce, leveraging multiple plugins and integrations for e-commerce and marketing. However, the security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, which are critical for protecting user data and ensuring trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but should prioritize upgrading its SSL/TLS configuration to enhance security and user confidence.

R

Roca Brasil Cerámica - Porcelanatos e Revestimentos Cerâmicos

rocaceramica.com.br

57

Roca Brasil Cerámica is a large Brazilian manufacturer and retailer specializing in porcelain and ceramic tiles, targeting architects, designers, engineers, and commercial clients. The company emphasizes sustainability and offers a comprehensive product catalog with technical support and showroom experiences. The website is built on WordPress with modern front-end frameworks and integrates multiple marketing and analytics tools. However, the site lacks a valid SSL certificate, which severely impacts its security posture. While privacy and cookie policies are well implemented with consent mechanisms, no explicit security or incident response policies are found. The overall digital maturity is moderate, with good content quality and user experience but technical and security improvements are needed.

C

Coral

coral.com.br

53

Coral is a prominent Brazilian paint brand operating under the parent company AkzoNobel. The website serves as a comprehensive platform offering paint products, color inspiration tools, and professional services such as painter finders and online shopping. Technically, the site is built on Adobe Experience Manager and integrates modern marketing and analytics tools like Google Tag Manager and OneTrust for cookie consent. However, the absence of a valid SSL certificate and HTTPS significantly undermines the site's security posture. While privacy and cookie policies are well implemented and GDPR compliant, the lack of security headers and email domain protections like DMARC present vulnerabilities. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

A

Atria Design & Inovação

studioatria.com.br

47

Atria Design & Inovação is a Brazilian small design studio specializing in innovation, branding, and digital experience services. The company targets businesses seeking to enhance their brand and user experience through strategic design solutions. Their website showcases multiple client case studies and a clear service offering, positioning them as an innovative design partner in their market segment. Technically, the website uses modern frontend libraries such as Bootstrap, jQuery, and Owl Carousel, hosted on Locaweb, but suffers from slow load times and lacks a CMS or structured data for SEO enhancement. Security posture is weak due to the absence of a valid SSL certificate, no HTTPS support, and missing security headers, exposing the site to significant risks. Privacy compliance is basic with a cookie consent popup and a privacy policy page, but no GDPR-specific indicators or terms of service are present. Overall, the site is professional in design and content but requires urgent security improvements to protect user data and build trust.

N

NeoAssist

neoassist.com

67

NeoAssist is a Brazilian technology company offering a comprehensive omnichannel customer service platform that integrates multiple communication channels and leverages artificial intelligence to enhance customer experience and operational efficiency. The company is well-positioned in the market with a large client base of over 220 brands and a strong focus on data-driven insights and automation. Technically, the website is built on WordPress with modern SEO and analytics integrations, hosted on Cloudflare with robust SSL configurations. Security posture is good with proper SPF and DMARC records, TLS 1.3 support, and no critical vulnerabilities detected, though improvements in DNSSEC and HSTS are recommended. Privacy compliance is strong, featuring a comprehensive privacy policy, cookie consent mechanisms, and GDPR alignment. Overall, NeoAssist demonstrates a mature digital presence with professional design, extensive marketing and analytics tools, and a high level of trustworthiness.

C

Catalog3D

catalog3d.com

52

Catalog3D is a technology platform focused on the creation, consumption, and sale of 3D models and materials, primarily targeting users of Promob software and 3D content creators. The platform offers subscription-based access to libraries of 3D models and materials, including those created by partner users and brands. The website is built on a Microsoft IIS server using ASP.NET MVC and AngularJS, with Babylon.js for 3D rendering. DNS hosting is managed via Microsoft Azure DNS. Despite a modern tech stack, the website lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Cookie consent is implemented via Cookiebot, but no privacy policy or terms of service pages are found in the accessible content. No explicit contact information or security policies are provided, limiting transparency and trust. The website content is primarily in Portuguese and includes partner brand logos, indicating some level of business credibility.

M

Madri Lab

madriproducoes.com.br

40

Madri Lab is a Brazilian company specializing in educational technology services, particularly focused on EAD (distance education) and LMS (Learning Management System) platforms such as Moodle. They provide a range of services including hosting, platform customization, web development, and corporate training. The company positions itself as a specialized provider for educational institutions and corporate clients seeking to enhance their online course offerings. Technically, the website is built on WordPress with Elementor and several plugins, hosted likely on AWS infrastructure. However, the site lacks a valid SSL certificate, serving content over HTTP only, which is a significant security concern. The security posture is weak with no HTTPS, no HSTS, and missing security headers, exposing users to potential risks. Privacy compliance is partial with a privacy policy and terms of service present but no cookie consent mechanism. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in security and privacy compliance to protect users and build trust.

L

leadlovers

leadlovers.app

40

Leadlovers is a technology company offering marketing automation and lead generation services primarily through a SaaS platform. The website targets digital marketers and businesses seeking to optimize email marketing and sales funnels. The platform integrates various third-party tools for analytics and user engagement, indicating a moderate level of digital maturity. However, the website suffers from a critical security issue due to the absence of a valid SSL certificate, resulting in no HTTPS protection. This significantly impacts the security posture and user trust. Additionally, the lack of privacy and cookie policies suggests poor privacy compliance. Performance is suboptimal with a slow load time and large page size, which may affect user experience. Overall, while the business model and content quality are good, the technical and security shortcomings present risks that should be addressed promptly.

K

Kommo

kommo.com

65

Kommo is a technology company offering a cloud-based CRM platform focused on conversational sales through messaging apps such as WhatsApp, Instagram, Telegram, and SMS. The platform targets small to medium-sized businesses and entrepreneurs, providing tools like customizable sales pipelines, unified chat inbox, sales automation bots, and AI-powered chat management. Kommo positions itself as a leading CRM solution for messaging-based sales with a strong emphasis on user experience and integration capabilities. Technically, the website is built on modern JavaScript frameworks, uses Cloudflare for hosting and CDN, and integrates multiple marketing and analytics tools. However, a critical security issue is the invalid SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture. Privacy and compliance are well addressed with comprehensive policies and GDPR adherence. Overall, Kommo presents a professional and trustworthy online presence but must urgently fix SSL/TLS issues to ensure secure user interactions.

C

Cyncly

rfms.com

64

Cyncly operates a specialized ERP software platform, RFMS ERP, tailored for the flooring industry. The company offers a comprehensive suite of business management tools including accounting, inventory, order entry, sales reporting, and mobile applications. Positioned as an industry-focused ERP provider, Cyncly targets flooring businesses, builders, and retailers with flexible subscription models and hosted solutions. The website demonstrates a professional and consistent brand presence with good content quality and clear navigation. Technically, the site leverages modern JavaScript frameworks and integrates multiple marketing and analytics tools, hosted behind Cloudflare DNS services. Security posture is adequate with valid SSL and SPF records, but improvements are recommended such as enabling HSTS, DNSSEC, and stricter DMARC policies. Privacy compliance is supported by a comprehensive privacy policy and cookie consent mechanism. Overall, the website is well-structured and trustworthy, supporting extensive user tracking for marketing and analytics purposes.

G

GO-2B AG

go-2b.de

60

GO-2B AG is a German-based technology company specializing in product data management solutions tailored for industries such as furniture and retail. As a brand under Compusoft Deutschland AG, it offers a suite of services including software applications, configurators, and data management platforms to support complex product marketing and sales processes. The website reflects a professional and consistent brand image with clear business information and client references, targeting B2B customers in industrial and retail sectors. Technically, the site is built on WordPress with popular plugins and frameworks, but suffers from slow load times and lacks some modern security configurations. Security posture is moderate with valid SSL and SPF records but missing critical headers and HSTS. Privacy compliance is strong with comprehensive policies and consent mechanisms. Overall, the site is functional and trustworthy but would benefit from technical and security enhancements.

C

Cyncly

mozaiksoftware.com

64

Mozaik Software, operated by Cyncly, provides specialized CNC software solutions tailored for the bespoke cabinet manufacturing industry. Their product suite includes Mozaik Manufacturing™, Mozaik CNC™, and Mozaik Enterprise™, each targeting different levels of manufacturing complexity and CNC integration. The company positions itself as a flexible, subscription-based software provider with strong industry knowledge and local support. Their website reflects a professional and consistent brand image with clear product offerings and pricing. Technically, the site leverages modern JavaScript frameworks and integrates multiple analytics and marketing tools, hosted primarily via Cloudflare with monitoring through Microsoft Azure. Security posture is adequate with valid SSL and SPF records but lacks advanced HTTP security headers and DMARC, which are recommended for enhanced protection. Privacy compliance is well addressed with visible privacy and cookie policies and consent mechanisms. Overall, the website is content-rich and trustworthy but could improve performance and security hardening.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 12 security findings identified across all modules.

F

FoccoERP - Sistema de Gestão

foccoerp.com.br

40

FoccoERP is a Brazilian ERP software provider specializing in management systems for manufacturing and distribution companies. The company offers integrated solutions that enhance operational efficiency, reduce costs, and support business growth with AI-driven planning tools. Their market position is strong with over 1000 clients and 20,000 active users, supported by a professional website and active social media presence. Technically, the website is built on WordPress with Elementor and hosted on Hostinger with Cloudflare DNS, but lacks a valid SSL certificate, which is a critical security gap. Security posture is basic with SPF and DMARC configured but no HTTPS or modern TLS protocols enabled. Privacy compliance is partial with a privacy policy and terms of service present but no cookie consent mechanism despite tracking pixels. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

Mozaik Software operates a UK-based e-commerce website offering software subscriptions and online training services. The company targets businesses and professionals seeking specialized software solutions and training. The website is built on WordPress with WooCommerce, indicating a standard e-commerce platform setup. However, the site suffers from slow performance and minimal content, with only a single product listed. Technically, the site uses common marketing and analytics tools such as Google Tag Manager, Facebook Pixel, and Microsoft Clarity, but lacks modern security configurations. Critically, the absence of an SSL certificate means the site is served over HTTP, exposing users to potential risks and undermining trust. Privacy and cookie policies are present but hosted on a third-party domain, which may affect compliance perception. Overall, the site demonstrates basic digital maturity but requires significant improvements in security and performance to enhance user trust and compliance.

D

Dinamize Informática Ltda

dinamize.com.br

70

Dinamize Informática Ltda is a Brazilian technology company specializing in digital marketing automation solutions, including email marketing, WhatsApp marketing, CRM, and integrated platforms. The company serves over 12,000 clients and maintains a strong partner network, positioning itself as a significant player in the marketing automation SaaS market. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content tailored to businesses seeking marketing automation services. Technically, the site is built on WordPress with Elementor and JetMenu, leveraging Cloudflare for DNS and CDN services. Performance is moderate, with good mobile optimization and accessibility features. Security posture is strong with valid SSL, HSTS, SPF, and DMARC policies, though DNSSEC and CAA records are absent, representing an area for improvement. Privacy and cookie policies are present and GDPR-compliant, with consent mechanisms implemented. Overall, the website demonstrates a high level of professionalism, security, and compliance, supporting the company's credibility and trustworthiness.

O

one.com Group AB

dogado.group

62

group.one is a leading European technology company specializing in empowering small and medium-sized businesses (SMBs) with AI-powered website building, SaaS products, hosting, and digital marketing solutions. With a portfolio of local and global brands, the company serves over 2 million customers across 15 countries, positioning itself as a trusted partner for SMB digital success. The business model focuses on integrated digital tools that support the entire customer journey from online presence to commerce and growth. Technically, the website leverages modern frameworks such as React and Next.js, integrates AI capabilities via OpenAI, and supports WordPress platforms, reflecting a mature digital infrastructure. Security posture is adequate with TLS 1.2 and strong cipher suites, but lacks advanced features like HSTS, OCSP stapling, and TLS 1.3, which are recommended for enhanced protection. Privacy compliance is strong with a comprehensive privacy policy and GDPR adherence, though cookie consent mechanisms are not explicitly detected. Overall, the website is professional, content-rich, and trustworthy, with room for security improvements to further strengthen its posture.

S

StackAdapt

stackadapt.tech

70

StackAdapt is a recognized leader in the AdTech industry, operating a high-performance demand side platform (DSP) that handles billions of ad requests daily. Their technology blog serves as a platform to share insights and experiences from their engineering teams, focusing on scalable software development, AI integration, and user experience. The website is hosted on the Medium platform, leveraging its CMS capabilities and social features. Technically, the site employs modern technologies including Ruby on Rails and React, with a solid SSL/TLS configuration ensuring secure communications. However, performance is suboptimal with a high load time and large page size, which could impact user experience. Security posture is generally good, with proper SPF and DMARC email configurations and no critical SSL vulnerabilities, but lacks some security headers and HSTS enforcement. Privacy compliance is adequate, relying on Medium's comprehensive privacy and terms policies, though no explicit cookie consent mechanism is present. Overall, the site demonstrates a professional and trustworthy presence with room for technical and security improvements.

S

Secure Mailgate

secure-mailgate.com

67

Secure Mailgate operates as a specialized provider of secure email gateway services, focusing on secure login and email domain management primarily targeting business users requiring secure email access. The website is functional and accessible, featuring a login form and multilingual support but lacks comprehensive public-facing content such as privacy policies, terms of service, or contact information. Technically, the site uses standard web technologies including JavaScript and CSS, hosted on infrastructure associated with Cloudpit. Performance is moderate with a relatively small page size and acceptable load times. From a security perspective, the site enforces HTTPS with modern TLS protocols (1.3 and 1.2) and a valid wildcard SSL certificate, but lacks advanced security features such as HSTS, OCSP stapling, DNSSEC, and DMARC records. No security headers are detected, and no vulnerability disclosures or incident response contacts are publicly available. This indicates a basic security posture with room for significant improvement to enhance email domain protection and overall site security. Overall, the website presents a basic but functional digital presence with limited transparency on privacy and security policies. The lack of contact information and policy documents may impact user trust and compliance with data protection regulations. Strategic improvements in security configuration, policy publication, and user communication are recommended to strengthen the company's market position and compliance posture.

E

easyname GmbH

easyname.com

61

easyname GmbH is a medium-sized Austrian technology company specializing in webhosting, domain registration, website building, VPS hosting, SSL certificates, and digital marketing services. Positioned as a reliable European provider, easyname emphasizes customer support, data privacy, and operational transparency. Their business model targets individuals and SMEs seeking comprehensive online presence solutions. The website reflects a professional and consistent brand image with clear navigation and relevant content. Technically, the site uses modern JavaScript frameworks including React and jQuery, supported by a custom platform hosted on their own datacenters in Austria, Germany, and Switzerland. However, performance is currently slow and accessibility is basic. Security posture is weak due to the absence of a valid SSL certificate and disabled TLS protocols, despite presence of some security headers and SPF/DMARC email protections. Privacy compliance is good with clear policies and consent mechanisms. Overall, the site is trustworthy but requires urgent SSL/TLS remediation to improve security and user trust.

A

Arztsuche24.at

arztsuche24.at

40

Arztsuche24.at is an Austrian online healthcare directory providing comprehensive listings of doctors, pharmacies, and health institutions across Austria. The platform offers detailed information including health insurance affiliations, opening hours, directions, and contact details, targeting patients and healthcare seekers within Austria. The site collaborates with Verlagshaus der Ärzte, enhancing its credibility and content quality. Technically, the website is built on WordPress with a custom theme and utilizes common web technologies such as jQuery, Bootstrap, and Leaflet.js for maps. However, the site suffers from a lack of a valid SSL certificate, resulting in no HTTPS support and outdated security protocols, which significantly impacts its security posture. Privacy compliance is addressed through a cookie consent banner and links to comprehensive privacy and terms policies hosted on a partner domain. Overall, while the site provides valuable healthcare information, its security shortcomings and slow performance present risks that should be addressed to improve user trust and compliance.

H

Hund

hundstat.us

50

Hund.io operates a status page at hundstat.us providing real-time and historical operational status for its services including website, DNS, GitLab, and platform components. The site targets users and customers who require transparency on service availability and performance. The business model centers on operational monitoring and status reporting, positioning Hund.io as a technology service provider in the monitoring niche. The website content is professional and consistent with the brand, but lacks comprehensive business and compliance information. Technically, the site is hosted on AWS infrastructure with DNS managed partly by AWS and Hurricane Electric. The technology stack includes standard web technologies with Google Analytics and Google Tag Manager for tracking. However, the site suffers from slow performance and lacks modern optimizations such as full mobile responsiveness and accessibility features. From a security perspective, the site has critical weaknesses including an invalid or missing SSL certificate, absence of HTTPS, no security headers, and no DNSSEC or CAA records. These issues significantly reduce the security posture and expose users to risks. Additionally, there is no evidence of privacy compliance, incident response policies, or contact information for security matters. Overall, the site presents moderate business credibility but requires urgent improvements in security and privacy compliance to reduce risk and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling HTTPS, implementing security headers, and publishing privacy and security policies.

S

SoSafe

humanfirewallconference.com

40

SoSafe operates the Human Firewall Conference, a leading European cybersecurity event focused on the human factor in security. The company provides cybersecurity awareness training and human risk management services, positioning itself as a key player in the cybersecurity education and event space. The website is professionally designed, content-rich, and targets security professionals and CISOs. Technically, the site uses WordPress CMS, integrates with HubSpot for forms, Matomo and Google Analytics for tracking, and Cookiebot for GDPR-compliant cookie management. However, the site suffers from an invalid SSL certificate and lacks important security headers and DNS security features, which lowers its security posture. Privacy compliance is well addressed with clear cookie consent and a comprehensive privacy policy. Business credibility is strong with clear contact information, social media presence, and trust signals such as testimonials and speaker highlights. Overall, the site is functional and professional but requires improvements in security infrastructure to enhance trust and compliance.

S

SoSafe

sosafe.de

40

SoSafe is a leading European provider of security awareness training and human risk management solutions, serving over 4.5 million users. Their platform leverages behavioral psychology, gamification, and AI to empower employees to recognize and mitigate cyber threats effectively. The company offers a suite of products including personalized e-learning, phishing simulation tools, an AI chatbot named Sofie, and a comprehensive human risk management dashboard. Technically, the website is built on WordPress, uses Cloudflare for hosting and CDN, and integrates marketing and analytics tools such as Google Tag Manager and Visual Website Optimizer. While the site is content-rich, well-designed, and privacy compliant with GDPR and cookie consent mechanisms, it suffers from a critical security issue: an invalid SSL certificate and disabled TLS protocols, which significantly lowers its security posture. The company demonstrates strong trust signals through ISO 27001, TISAX certifications, customer testimonials, and industry awards. Overall, SoSafe presents a professional and credible online presence but must urgently address its SSL/TLS configuration to ensure secure communications and maintain trust.

1

1-2-3-Plakat.de GmbH

123plakat.de

40

1-2-3-Plakat.de GmbH operates a specialized online platform focused on poster advertising across Germany, providing a comprehensive service that includes location selection, printing, and campaign management. The company targets businesses and freelancers seeking effective outdoor advertising solutions, leveraging a large inventory of over 160,000 poster locations. The website is built on TYPO3 CMS and integrates modern marketing and analytics tools such as Google Tag Manager and Google Analytics. Despite a well-structured and content-rich site with good user experience and clear contact information, the absence of a valid SSL certificate and HTTPS significantly undermines the security posture. The site employs cookie consent mechanisms and maintains GDPR-compliant privacy policies, reflecting good privacy compliance. Overall, the business demonstrates solid credibility and market positioning but requires urgent security improvements to protect user data and enhance trust.

P

ProSiebenSat.1 Welt

prosiebensat1welt.de

40

ProSiebenSat.1 Welt was a German Pay TV channel operated under the ProSiebenSat.1 media group, offering entertainment content including TV programs, films, and series. The channel ceased operations at the end of 2023 after nearly two decades. The website serves primarily as an informational and redirect portal to partner channels and provides compliance and legal information. Technically, the site is built using modern web technologies including Next.js and React, hosted likely on AWS infrastructure, and uses Contentful as a CMS. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, resulting in no HTTPS support, which severely impacts security posture and user trust. No advanced security headers or TLS protocols are enabled, and DNSSEC is not configured. Privacy compliance is addressed with a privacy policy and cookie consent mechanism, but no direct contact information or incident response details are provided. Overall, the site is functional and professionally designed but requires urgent security improvements to protect users and maintain credibility.

J

Joyn ist im Ausland nur begrenzt nutzbar

joyn.ch

69

Joyn.ch is a regional streaming media platform targeting German-speaking users in Switzerland, with sister sites in Germany and Austria. The service offers free and subscription-based tiers with geo-restrictions limiting usage abroad. Technically, the site is built on a modern Next.js framework hosted on Vercel, using GraphQL APIs and secure email services. The SSL configuration is strong with TLS 1.3 support and robust security headers, though HSTS is not fully enabled. Privacy and cookie policies are not present on the analyzed page, and no direct contact information is provided, which impacts compliance and trust. Overall, the site is professionally designed and performs well, but improvements in privacy transparency and incident response readiness are recommended.

J

Joyn

joyn.at

40

Joyn.at is a regional streaming media platform targeting German-speaking users in Austria, Germany, and Switzerland. The service offers video content with geo-restrictions limiting access outside these countries. The website is built using modern web technologies including Next.js and React, hosted on AWS infrastructure. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Privacy and cookie policies are present, indicating some compliance with GDPR requirements, but no explicit security or incident response policies are found. Overall, the site provides a professional user experience but requires significant improvements in security posture to protect user data and enhance trust.