Security Directory

S

Sindmóveis Bento Gonçalves

sindmoveis.com.br

49

Sindmóveis Bento Gonçalves is a well-established industry union representing the furniture manufacturing sector in Bento Gonçalves, Brazil, since 1977. The organization plays a pivotal role in fostering development within the local and national furniture industry by providing a range of services including labor area support, digital certification, training, sector data, international committees, projects, and trade fairs. Their market position is significant within the manufacturing sector, supported by partnerships with key industry players and active engagement in events and communications. The website reflects a medium-sized entity with consistent branding and good content quality aimed at industry stakeholders and associated members. Technically, the website is built on WordPress with a custom theme and employs various modern web technologies such as lazy loading, Google Analytics, Google Tag Manager, Facebook Pixel, and reCAPTCHA for security. Hosting is provided by KingHost, and the site uses a valid SSL certificate, although some SSL metadata appears unusual. Performance is currently slow due to large page size and load times, but mobile optimization and SEO are handled well. Security practices include spam protection and SPF records for email, but lack advanced HTTP security headers and DNSSEC. From a security perspective, the site demonstrates basic to moderate maturity with valid SSL, anti-spam measures, and GDPR cookie consent mechanisms. However, it lacks explicit privacy and terms of service pages, security policies, incident response contacts, and vulnerability disclosure information. There is room for improvement in security headers, HSTS enforcement, and DNS security. Overall, the site is trustworthy and professional but would benefit from enhanced security and compliance documentation. Strategically, Sindmóveis should focus on improving website performance, implementing comprehensive security headers, publishing clear privacy and terms policies, and enhancing incident response readiness to strengthen trust and compliance with evolving data protection regulations.

J

JTL-Software GmbH

jtl-url.de

63

JTL-Software GmbH is a leading German provider of ERP and e-commerce software solutions tailored for online retailers. With a strong market presence in the DACH region and over 50,000 customers, JTL offers a comprehensive ecosystem including ERP systems, online shop platforms, warehouse management, marketplace integration, and middleware solutions. Their product suite supports B2C, B2B, and D2C business models, emphasizing flexibility and scalability. Technically, the website is built on WordPress with modern frameworks like Bootstrap and integrates advanced analytics and marketing tools such as Google Tag Manager, Matomo, and Microsoft Clarity. Security-wise, the site employs strong TLS protocols and valid certificates but lacks DNSSEC, HSTS, and CAA records, which are recommended for enhanced security. The company demonstrates strong compliance with GDPR through detailed privacy and cookie policies and uses a robust consent management system. Overall, JTL maintains a high level of professionalism, trustworthiness, and digital maturity, positioning itself as a reliable partner in the e-commerce software market.

J

Just a moment...

webmatch.com

52

The website webmatch.com currently serves a Cloudflare anti-bot challenge page with no visible business content or metadata. There is no evidence of privacy, cookie, or terms of service policies, nor any contact information or social media presence. The DNS configuration is strict with SPF and DMARC rejecting unauthorized emails, but lacks DNSSEC and CAA records. The SSL/TLS configuration is critically deficient with no valid certificate and no modern TLS protocols enabled, exposing the site to potential security risks. Security headers are well implemented, but the lack of HTTPS undermines overall security posture. The site shows no analytics or advertising technologies, and performance metrics indicate no actual content delivery. Overall, the site appears to be either under maintenance, misconfigured, or intentionally restricted by Cloudflare protections, resulting in a poor user experience and low trustworthiness.

R

Reply

vanillareply.com

65

Vanilla Reply, a part of the Reply group, specializes in tailored e-commerce, CMS, and PIM solutions primarily serving the German market. The company leverages strong partnerships with leading technology providers such as Shopware, Sylius, Akeneo, Storyblok, and TYPO3 to deliver integrated and agile digital experiences. Their business model focuses on consulting, custom software development, and cloud-based operations, positioning them as a trusted medium-sized player in the e-commerce sector. Technically, the website employs modern web technologies including Google Tag Manager, reCAPTCHA, OneTrust for cookie consent, and Google Maps API. The hosting is managed via register.it with a valid SSL certificate supporting TLS 1.3 and 1.2, and OCSP stapling enabled. However, performance is somewhat slow with a page load time of over 8 seconds, indicating potential optimization opportunities. The site is well-optimized for mobile and accessibility, with good SEO practices. From a security perspective, the site demonstrates good practices such as strong TLS protocols and no known SSL vulnerabilities. However, it lacks DNSSEC, CAA records, and DMARC, which are recommended for enhanced DNS and email security. The cookie consent mechanism is robust and GDPR compliant, but no explicit security policy or incident response information is publicly available. Overall, Vanilla Reply presents a professional and trustworthy digital presence with strong business and technical foundations. Strategic improvements in DNS security, email authentication, and performance optimization would further enhance their security posture and user experience.

8

Shopware Agentur 8mylez - Echte Experten aus Deutschland

8mylez.com

68

Security assessment completed with an overall score of 50/100 (unknown risk). 7 high-priority issues should be addressed promptly. Total of 26 security findings identified across all modules.

A

Afternic (GoDaddy Operating Company, LLC)

zenkod.com

53

The website zenkod.com is a domain sales landing page operated under the Afternic marketplace, a GoDaddy branded platform. It offers domain purchase services including price inquiries and buy now options, targeting individuals and businesses seeking premium domain names. The platform leverages modern web technologies such as React and Next.js, hosted on AWS infrastructure, with basic performance and accessibility optimizations. Security posture is weak due to lack of valid SSL certificates and missing security headers, although form protection via Google reCAPTCHA is implemented. The site integrates with trusted partners like Afternic and GoDaddy for domain transactions and payment processing. Overall, the site serves as a professional domain sales interface but requires significant security improvements to enhance trust and compliance.

N

Nagios | Open Source Monitoring and Network Management

nagios.org

60

Security assessment completed with an overall score of 50/100 (unknown risk). 9 high-priority issues should be addressed promptly. Total of 30 security findings identified across all modules.

B

banibis GmbH

banibis.com

57

banibis GmbH is a small Austrian technology company specializing in modular ERP software solutions tailored for small and medium-sized enterprises, particularly in the trade and service sectors. Their cloud-based ERP system offers comprehensive features including CRM, project management, purchasing and sales, and accounting, with a strong emphasis on customization and customer-centric support. The company maintains a professional online presence with clear contact information, social media integration, and compliance with GDPR and cookie consent regulations. Technically, the website is built on WordPress using the Divi theme, enhanced with various plugins for performance optimization, analytics, and user interaction. The infrastructure is hosted via domaintechnik.at, with a moderate performance profile and good mobile optimization. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant security shortcomings that could impact user trust and data protection. From a security perspective, while the site implements SPF records and avoids common vulnerabilities like Heartbleed and POODLE, the lack of HTTPS and missing DMARC records are critical gaps. No explicit security or incident response policies are publicly available, which may affect the company's security posture and compliance readiness. Overall, banibis GmbH demonstrates a solid business and technical foundation with room for improvement in security practices. Addressing these vulnerabilities will enhance trust, compliance, and user confidence in their digital offerings.

I

interneX GmbH

internex.de

45

interneX GmbH is a small German company with a basic online presence primarily providing legal and contact information on its website. The company’s market position and detailed business services are not explicitly described, indicating a limited digital footprint. The website is minimalistic, with no advanced content or interactive features, targeting a general audience likely within Germany. Technically, the site is hosted on kasserver.com using Apache with HTTP/2 support and basic CSS styling. Performance is fast, but mobile optimization and accessibility are basic. Security posture shows support for modern TLS protocols without known vulnerabilities, but lacks advanced security headers such as HSTS and OCSP stapling. DNSSEC and DMARC are not implemented, which could expose the domain to DNS and email spoofing risks. Overall, the security score is moderate with room for improvement in compliance and best practices. The website does not include privacy or cookie consent mechanisms, which may impact GDPR compliance. Contact information is clearly provided, but no email addresses or social media links are present. Strategic recommendations include enhancing HTTPS security, implementing DNS and email protections, publishing a vulnerability disclosure policy, and improving privacy compliance to build trust and reduce risk.

P

profihost

profihost.de

57

Profihost is a well-established German managed hosting provider specializing in e-commerce hosting solutions tailored for online shops of various sizes. With 25 years of experience and strategic partnerships with platforms like Shopware, OXID, and Pimcore, they offer a comprehensive portfolio including managed servers, clusters, security services, and performance optimization. Their market position is strong within the German e-commerce hosting niche, supported by verified customer testimonials and a partner program. Technically, the website employs modern TLS protocols (TLS 1.3 and 1.2) and uses Google Tag Manager and Consent Manager for analytics and privacy compliance. However, performance is somewhat slow with a load time over 8 seconds. Security posture is basic with no HSTS, OCSP stapling, DNSSEC, or DMARC records, though no critical vulnerabilities were detected. Overall, the company demonstrates a professional and trustworthy online presence with room for security enhancements.

A

Australian Mortgage Awards | Key Media

australianmortgageawards.com.au

57

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 28 security findings identified across all modules.

P

PwC-Stiftung

pwc-stiftung.de

53

PwC-Stiftung is a German non-profit foundation focused on promoting economic ethics and cultural education through project funding and its own educational programs. The foundation operates several participatory programs such as Wirtschafts.Forscher!, Hör.Forscher!, and Kultur.Forscher!, targeting schools and students, especially addressing pandemic-related educational gaps and refugee integration. The website is built on WordPress with a moderate technical infrastructure including common plugins for SEO, sliders, and cookie management. Hosting is provided by IONOS, and the site includes structured data for SEO and social media optimization. However, the security posture is weak due to an invalid SSL certificate, lack of modern TLS protocols, and missing security headers and DNS security features. Cookie consent is implemented in compliance with GDPR, enhancing privacy protections. Overall, the site presents a professional and trustworthy image but requires urgent improvements in SSL and security configurations to protect users and data.

P

PricewaterhouseCoopers

pwcplus.de

67

PwC Plus is a specialized knowledge and research platform operated by PricewaterhouseCoopers, targeting primarily financial services professionals with additional focus on healthcare and public services sectors. The platform offers subscription-based access to quality-assured, daily updated content including legal norms monitoring, regulatory insights, and sector-specific modules. The website demonstrates a mature digital presence with multilingual support, user account management, and integration of professional content from trusted partners such as the IFRS Foundation. Technically, the site is hosted on Colt's infrastructure, uses modern TLS protocols, and employs Piwik PRO for analytics with a compliant cookie consent mechanism. Security posture is solid with DMARC enforcement and no critical SSL vulnerabilities, though improvements like enabling HSTS, DNSSEC, and CAA records could enhance security further. No explicit security or incident response policies are published, indicating an area for maturity growth. Overall, PwC Plus presents a professional, trustworthy, and content-rich platform aligned with PwC's global brand standards.

U

United Internet Media

united-internet-media.de

64

United Internet Media is a large, Germany-based exclusive media marketer for United Internet AG brands, offering a wide range of digital advertising and dialog marketing services including programmatic, native, display, video, and email marketing. The website is built on TYPO3 CMS and integrates advanced consent management tools such as PermissionClient and OneTrust, reflecting a mature approach to privacy compliance. Security measures include valid SSL with strong cipher suites, SPF and DMARC records with quarantine policies, though improvements like DNSSEC and HSTS are recommended. The site demonstrates good content quality, navigation, and user experience, targeting advertisers and marketers seeking comprehensive media solutions. Overall, the company maintains a high trustworthiness level with a solid digital presence.

S

Seven.One Entertainment Group GmbH

seven.one

68

Seven.One Entertainment Group GmbH is a leading German media and entertainment company specializing in TV broadcasting, streaming, advertising products, content production, and event and artist management. It operates multiple well-known TV and digital brands and is a subsidiary of ProSiebenSat.1 Media SE. The website demonstrates a mature digital presence with modern technologies such as Liferay CMS, React, and integrated marketing and consent management tools. However, a critical security weakness is the absence of a valid SSL certificate, exposing users to potential risks. The company maintains comprehensive privacy and cookie policies with GDPR compliance and uses consent-based tracking. Overall, the business is positioned strongly in the German media market with a broad portfolio and professional digital infrastructure but needs urgent improvements in security configuration.

S

Score Media Group

score-media.de

55

Score Media Group operates as a national marketing platform for regional media brands in Germany, focusing on regional daily newspapers, their digital and print editions, and associated advertising services. The company holds a strong market position with a portfolio of over 420 regional newspaper titles reaching 62 million readers monthly. Their business model centers on cross-media advertising solutions, combining print, online, and e-paper channels to deliver targeted campaigns for advertisers and agencies. Technically, the website is built on WordPress with modern frameworks like React and uses various plugins and tools such as WPBakery, Slider Revolution, and Google Analytics, indicating a mature digital infrastructure but with room for performance optimization due to high page size and load times. Security-wise, the site supports modern TLS protocols and has valid SPF records but lacks advanced security headers like HSTS and OCSP stapling, and the DMARC policy is set to none, which could expose email spoofing risks. Overall, the site demonstrates good SEO, branding consistency, and user experience but would benefit from enhanced security configurations and clearer contact information.

Q

QUARTER MEDIA – Vermarkter von digitalen Werbeflächen

quartermedia.de

55

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 28 security findings identified across all modules.

I

iq digital media marketing gmbh

iqdigital.de

53

iq digital media marketing gmbh is a leading marketing company specializing in advertising for premium German media brands including FAZ Verlag, Handelsblatt Media Group, Süddeutsche Zeitung Verlag, and ZEIT Verlag. The company offers a comprehensive portfolio of digital advertising, programmatic advertising, audio/podcast advertising, newsletter marketing, content marketing, and data targeting services. Their market position is strong, leveraging high-reach, quality media brands to target decision makers and specialized audiences. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, hosted likely on Microsoft Azure, and employs GDPR-compliant consent management and analytics tools. Security posture is good with TLS 1.3 support and valid SPF records, but improvements are recommended in HSTS, DMARC, DNSSEC, and OCSP stapling. Overall, the company demonstrates a mature digital presence with strong privacy and compliance practices.

B

BCN Brand Community Network GmbH

brand-community-network.de

51

BCN Brand Community Network GmbH operates a comprehensive crossmedia marketing network focused on providing advertising solutions across print, digital, and event channels. The company holds a strong market position in Germany with over 300 media brands and 500+ advertising solutions, targeting advertisers and media planners seeking quality reach and brand engagement. The website is built on TYPO3 CMS and integrates modern marketing technologies including Google Tag Manager and a proprietary Smart Stack technology for optimized campaign performance. Security posture is adequate with TLS 1.2 and strong cipher suites but lacks advanced features like HSTS and OCSP stapling. GDPR compliance is well addressed with a dedicated consent management platform. Overall, the digital infrastructure supports a professional and trustworthy user experience, though some security enhancements are recommended.

A

Ad Alliance

ad-alliance.de

61

Ad Alliance is a prominent German media company specializing in advertising solutions across multiple channels including TV, video, print, audio, and digital. It holds a strong market position with key brands and targets decision-maker audiences. The website infrastructure uses a custom CMS hosted on managed IP servers, with moderate performance and good mobile optimization. The security posture is basic with TLS 1.2 enabled and strong cipher suites, but lacks modern features like TLS 1.3, HSTS, and OCSP stapling. Privacy and cookie policies are present and GDPR compliant, supported by a consent management platform. The site integrates Google Analytics and Tag Manager for tracking, with moderate user tracking levels. Contact information and social media presence are comprehensive, enhancing trust and transparency.

D

D4Sign

d4sign.com.br

64

D4Sign is Brazil's leading electronic and digital signature platform, offering a comprehensive SaaS solution that integrates advanced AI capabilities to streamline document signing and contract management. The company serves a broad audience including businesses and individuals, providing secure authentication methods linked to government data for enhanced trust and legal compliance. Technically, the website is built on WordPress with multiple modern plugins and integrates various marketing and analytics tools, hosted on AWS. However, the current SSL/TLS configuration is invalid, posing a significant security risk. The company demonstrates strong market presence with over 500,000 companies trusting its services and certifications such as Great Place To Work and sustainability seals. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms.

P

Prima Estúdio Produções

primaestudio.com.br

51

Prima Estúdio Produções is a Brazilian digital communication company specializing in multimedia production, streaming, web development, and IT services. Established since 2016, it serves a medium-sized client base including notable companies, positioning itself as a reputable service provider in the technology sector. The website reflects a professional digital presence with good SEO and client trust indicators but lacks visible privacy and terms of service policies. Technically, the site is built on WordPress with Themify Ultra theme and uses several plugins including Sendinblue for marketing automation and Google Tag Manager for analytics. However, the site suffers from a lack of valid SSL/TLS configuration, resulting in insecure HTTP delivery and exposing visitors to potential risks. Security posture is weak with missing modern security headers and DNS security features. Cookie consent mechanisms are implemented, indicating some compliance with privacy regulations. Overall, the site demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

D

dimension2 economics & philosophy GmbH

dimension2.consulting

64

dimension2 economics & philosophy GmbH is a small German consulting firm specializing in Corporate Digital Responsibility (CDR) and ethical data usage to help businesses gain competitive advantages. Their website presents a professional and well-structured digital presence built on WordPress with modern design elements and SEO optimizations. However, the technical infrastructure shows significant security weaknesses, including the absence of a valid SSL certificate and lack of modern TLS protocols, which exposes the site to risks and undermines user trust. The company provides contact primarily through a contact form, with no direct email or phone contacts publicly listed. Privacy policy is present and GDPR compliant, but cookie consent mechanisms and terms of service are missing. Overall, the business is positioned as a niche consulting provider with a focus on trustworthy data practices, but the website's security posture requires urgent improvements to align with best practices and enhance client confidence.

T

TI Inside

esgforum.com.br

52

ESG Forum is a small Brazilian event organizer focused on promoting sustainability and ESG principles through online events. The website serves as a platform to inform and register participants for the ESG Forum 2025 event, targeting corporate professionals and companies interested in environmental, social, and governance topics. The business is positioned as a niche event provider with institutional partners and sponsors, leveraging digital channels for outreach and engagement. Technically, the site is built on WordPress with the Divi theme and uses common plugins for forms, cookie consent, and accessibility. However, the lack of a valid SSL certificate and modern TLS protocols represents a significant security weakness. The site implements basic security measures like SPF and DMARC but lacks advanced protections such as HSTS and OCSP stapling. Analytics and tracking are moderately used via Google Analytics and LinkedIn Insight Tag, with a cookie consent mechanism in place. Overall, the site is functional and professional but requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

C

Capgo, Inc.

capgo.app

70

Capgo, Inc. is a technology company specializing in providing live Over-the-Air (OTA) update solutions for Capacitor-based mobile applications. Their platform enables developers to push instant updates, fixes, and new features directly to users without the delays associated with app store approvals. Positioned as an innovative and secure solution, Capgo offers both cloud-hosted and self-hosted options, with a strong emphasis on end-to-end encryption and real-time analytics. The company targets development teams seeking efficient app update workflows and enhanced user experience. Their business model includes SaaS offerings, consulting services, and CI/CD pipeline integrations, supported by a transparent trust center and open source code availability.

K

KM Business Information Canada Ltd.

lexpert.ca

64

Lexpert.ca is a leading Canadian legal directory and media platform operated by KM Business Information Canada Ltd. It specializes in providing comprehensive rankings, directories, and news related to lawyers and law firms across various business law sectors including energy, finance, technology, mining, infrastructure, litigation, insolvency, and mergers and acquisitions. The platform targets Canadian businesses seeking qualified legal professionals and offers digital editions, newsletters, and event coverage to support its audience. Technically, the website leverages a modern tech stack including Bootstrap, jQuery, Algolia search, and HubSpot integrations, hosted behind Cloudflare for performance and security. Despite a slow page load time, the site is mobile-optimized and SEO-friendly with consistent branding and good content quality. Security-wise, the site employs a valid SSL certificate, strict DMARC policy, and SPF records, but lacks DNSSEC and HSTS enforcement. The presence of multiple third-party marketing and analytics scripts indicates extensive user tracking, balanced by a robust cookie consent mechanism. Overall, Lexpert.ca demonstrates a mature digital presence with room for security enhancements and performance optimization.

P

pressi.com.br

pressi.com.br

49

The website pressi.com.br currently presents an empty HTML page with no visible content, metadata, or business information. The domain is registered and DNS records are configured with valid A, MX, and NS records, but lacks DNSSEC and CAA security enhancements. The SSL certificate is invalid or missing, resulting in no HTTPS support and exposing the site to potential interception risks. No privacy, cookie, or security policies are published, and no contact or business details are available on the site. The technical infrastructure appears minimal and outdated, with no modern web technologies or analytics detected. Overall, the site exhibits a very low digital maturity and security posture, with significant gaps in compliance and user trust factors.

M

Medienfachverlag Johann Oberauer GmbH

oberauer.com

62

Medienfachverlag Johann Oberauer GmbH is a leading media publishing company in the DACH region specializing in journalism, PR, communication, and printing industry publications and events. The company operates multiple industry magazines, organizes prestigious events and awards, and manages digital portals and job platforms targeting media professionals. Technically, the website is built on WordPress with a modern tech stack including jQuery, WP Rocket, and Google Tag Manager, optimized for performance and SEO but currently lacks a valid SSL certificate, which is a critical security gap. The security posture shows good email authentication practices with SPF and DMARC but misses HTTPS enforcement and advanced DNS security features. Overall, the company demonstrates strong market positioning and digital maturity but should urgently address SSL/TLS issues to protect user data and enhance trust.

J

JET e-Business

jetecommerce.com.br

58

JET e-Business is a Brazilian e-commerce platform provider specializing in high-performance omnichannel solutions for B2C, B2B, D2C, and B2B2C markets. The company offers a comprehensive suite of services including marketplace integrations, storefront customization, search optimization, shipping facilitation, and analytics. Positioned as a strategic partner for e-commerce businesses, JET emphasizes technology, professional support, and customer experience to help clients scale their online operations. The website reflects a medium-sized enterprise with a strong digital presence and a focus on the Brazilian market. Technically, the website is built on WordPress with WPBakery Page Builder and integrates multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, Hotjar, and LinkedIn Insight Tag. Hosting and DNS services are provided by Hostinger and Cloudflare respectively. While the site has a valid SSL certificate and implements SPF and DMARC for email security, it lacks advanced DNS security features like DNSSEC and HSTS, and does not have a published security policy or vulnerability disclosure page. From a security perspective, the site demonstrates good baseline practices with valid SSL and email authentication records, but could improve by enabling HSTS, DNSSEC, and publishing explicit security and incident response policies. The presence of multiple tracking scripts indicates extensive user data collection, balanced by a cookie consent mechanism and a comprehensive privacy policy compliant with GDPR. Performance is a concern due to high page load times and large page size, which may impact user experience. Overall, JET e-Business presents a professional and trustworthy e-commerce platform with solid business and technical foundations. Strategic improvements in security hardening and performance optimization are recommended to enhance resilience and user satisfaction.

T

TÜH Staatliche Technische Überwachung Hessen

tueh.de

58

TÜH Staatliche Technische Überwachung Hessen operates as a regional governmental authority providing digital tachograph cards and related services to individuals and businesses in Hessen, Germany. The website serves as an informational and transactional portal offering application forms and guidance for driver cards, company cards, and workshop cards. The organization positions itself as a trusted public service entity within the transportation sector, focusing on compliance and regulatory oversight. Technically, the website is built on TYPO3 CMS, hosted behind Cloudflare DNS and CDN services, and employs standard web technologies including Bootstrap and FontAwesome. Performance is moderate with good mobile optimization and basic accessibility. Security posture is adequate with a valid SSL certificate and cookie consent mechanisms; however, improvements are recommended such as enabling HSTS, DNSSEC, and security headers. No explicit terms of service or vulnerability disclosure policies are present, and contact information is limited to a contact form without direct emails or phone numbers. Analytics usage includes etracker and Google marketing cookies with user consent. Overall, the website demonstrates a professional and trustworthy presence aligned with its public service mission.

S

Sebastian Gepperth

rash.codes

47

The website rash.codes represents a personal brand and portfolio of Sebastian Gepperth, a software developer and designer specializing in open source projects and freelance coding services. The site targets developers and potential clients interested in modern web technologies and open source contributions. The business model revolves around personal branding and showcasing expertise to attract freelance opportunities. Technically, the site uses a modern frontend stack including Vue.js and Vitepress, hosted on a Hetzner server. However, the site lacks a valid SSL certificate and does not implement HTTPS, which is a significant security concern. DNS records show partial email security with SPF and DMARC configured, including an abuse contact email for incident reporting. Overall, the security posture is weak due to missing TLS, HSTS, and DNSSEC, exposing the site to potential interception and spoofing risks. Strategic improvements in SSL deployment and security policies are recommended to enhance trust and compliance.

C

CloserStill Media

dmexcoasia.com

70

The website dmexcoasia.com represents a major upcoming event, eCommerce Expo | DMEXCO Asia, scheduled for October 8-9, 2025 in Singapore. It is organized by CloserStill Media in partnership with Koelnmesse and BVDW, targeting eCommerce and digital marketing professionals in Southeast Asia. The event aims to provide a platform for exhibitors and attendees to connect, generate leads, and share industry insights. Technically, the site uses a variety of modern JavaScript libraries and frameworks including jQuery, Alpine.js, GSAP, and Swiper, hosted on ns-serve.net infrastructure. However, the website suffers from critical security issues including an invalid SSL certificate and lack of TLS protocol support, which significantly undermines its security posture. While HSTS is enabled, other security best practices are missing. The site employs extensive tracking and marketing tools such as Google Analytics, Facebook Pixel, and Microsoft Clarity, indicating a high level of user tracking. Overall, the website is professionally designed with good content relevance and navigation clarity but requires urgent security improvements to protect user data and enhance trust.

D

DATEV eG

datev.com

64

DATEV eG is a leading European software and consulting company specializing in professional support for tax consultancy, auditing, companies, legal advice, and the public sector. The company holds a strong market position as one of Europe's largest software houses, offering over 200 software products and services, including payroll processing for about 14 million payrolls monthly. The website reflects a mature digital presence with excellent content quality, clear navigation, and strong branding consistency targeting tax professionals and related sectors primarily in Germany. Technically, the site leverages Adobe Experience Manager as its CMS, integrates Adobe Helix RUM for analytics, and uses OneTrust for GDPR-compliant cookie consent management. The hosting infrastructure appears self-managed with dedicated DNS and mail servers, and the site supports modern TLS protocols ensuring secure communications. Security posture is good with strict SPF and DMARC policies, absence of known SSL vulnerabilities, but could be improved by enabling HSTS and OCSP stapling. Overall, the website demonstrates a professional and trustworthy digital footprint aligned with enterprise standards.

K

Koelnmesse GmbH

koelnmesse.com

63

Koelnmesse GmbH is a leading trade fair and event organizer based in Cologne, Germany, with a century-long history since its founding in 1924. The company operates over 80 trade fairs and exhibitions both locally and in key global markets, serving a diverse audience including exhibitors, visitors, and trade fair organizers. Koelnmesse has a strong market position, recognized for its sustainability efforts and industry leadership, including recent awards such as 'Company of the Year' 2025 and 'Pioneer in Sustainability 2024'. Technically, the website employs a modern tech stack including jQuery, OneTrust for privacy management, Google Tag Manager, and various third-party integrations for social media and advertising. Hosting is provided via Amazon AWS infrastructure. Performance is moderate with good mobile optimization and basic accessibility features. SEO practices are good, supporting the company's digital presence. From a security perspective, while email security is well managed with valid SPF and DMARC records, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant vulnerabilities. The site lacks HSTS, OCSP stapling, and other advanced security headers, lowering its overall security posture. No vulnerability disclosure or security.txt files were found, indicating limited transparency in security incident handling. Overall, Koelnmesse presents a professional and trustworthy online presence with strong business credentials but requires urgent improvements in its SSL/TLS configuration and security best practices to protect user data and maintain compliance with modern security standards.

R

Resonanz Digital

resonanz-marketing.com

56

Resonanz Digital is a well-established digital agency based in Austria, specializing in WordPress websites, online shops, eCommerce solutions, SEO, and Google Ads optimization. With over 20 years of experience and a Google Partner certification, the company targets small and medium-sized enterprises, founders, and individual entrepreneurs primarily in the German-speaking market. Their service portfolio includes web design, development, online marketing, and ongoing maintenance, positioning them as a trusted partner for digital presence creation. Technically, the website is built on WordPress using the Avia Framework and integrates various modern web technologies including jQuery and WP Rocket for performance optimization. The hosting infrastructure appears to be on Google Cloud, providing a reliable platform. The site supports multilingual content via WPML and employs structured data for SEO enhancement. Performance is moderate with room for improvement in load times. From a security perspective, the site has correctly configured SPF and DMARC DNS records, indicating good email authentication practices. However, the lack of a valid SSL certificate and absence of TLS protocols represent significant security weaknesses, exposing users to potential data interception risks. The cookie consent mechanism is implemented, supporting GDPR compliance, but the DMARC policy is set to 'none', which could be strengthened. Overall, Resonanz Digital demonstrates a mature digital presence with strong business credibility and customer trust signals. The main risk lies in the missing HTTPS security layer, which should be addressed promptly to protect user data and enhance trust. Strategic improvements in security posture and performance optimization will further solidify their market position.

R

respACT

respact.at

60

respACT is Austria's leading corporate platform for Corporate Social Responsibility (CSR), providing a comprehensive network and resources for businesses committed to sustainable development. The platform offers events, training, publications, and member services targeting companies and organizations interested in CSR and sustainability. Technically, the website is built on the siteswift CMS framework, leveraging modern JavaScript libraries such as jQuery, Swiper.js, and Macy.js, with analytics powered by Matomo and Brevo. The site implements GDPR-compliant cookie consent via Klaro and maintains a valid SSL certificate with strong TLS configurations. Security posture is generally good, with SPF and DMARC records configured, but improvements such as enabling HSTS, OCSP stapling, and DNSSEC are recommended. Overall, respACT demonstrates a mature digital presence with good content quality and user experience, positioning it as a trusted resource in the Austrian CSR ecosystem.

O

OBJENTIS Software Integration GmbH

objentis.com

65

OBJENTIS Software Integration GmbH is an established Austrian IT service provider specializing in software testing consulting, automation, and training. With over 26 years of experience and a portfolio of notable clients including major banks and insurance companies, OBJENTIS positions itself as a trusted partner in the software lifecycle. Their offerings include consulting solutions, innovative driverless test automation products, and tailored training workshops. Technically, the website is built on WordPress using the Astra theme and Elementor page builder, supported by modern web technologies and plugins for search and cookie management. Security-wise, the domain employs valid SPF and DMARC records with strict policies, supports TLS 1.2 and 1.3, and avoids known SSL vulnerabilities. However, improvements are needed in SSL configuration such as enabling HSTS and OCSP stapling, and publishing a security.txt file. Overall, the site demonstrates good digital maturity and professionalism, with moderate performance and good mobile optimization. The presence of client testimonials, certifications, and social media links enhance trust. Strategic recommendations include enhancing HTTPS security headers, formalizing security policies, and improving transparency around incident response.

R

RDV - Ihr Wissensportal für Datenschutz und Digitalisierung

rdv-online.com

66

Security assessment completed with an overall score of 50/100 (unknown risk). 8 high-priority issues should be addressed promptly. Total of 25 security findings identified across all modules.

C

CEDPO - Confederation of European Data Protection Organisations

cedpo.eu

50

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 30 security findings identified across all modules.

M

MP Agregador, S. de R.L. de C.V.

mercadopago.com.mx

65

Mercado Pago México operates as a leading digital financial services platform under the Mercado Libre group, offering a comprehensive suite of services including digital accounts, credit cards, personal loans, and payment processing solutions tailored for individuals and businesses in Mexico. The platform integrates with Mercado Libre's e-commerce ecosystem, positioning itself as a key player in Latin America's fintech landscape. Technically, the website employs modern web technologies such as React-based frameworks, New Relic monitoring, and various analytics and marketing tools, hosted on Amazon AWS infrastructure with Cloudfront CDN. Security measures include valid SPF and DMARC records, TLS 1.2 and 1.3 support, and absence of major SSL vulnerabilities, although improvements are recommended in HSTS enforcement and OCSP stapling. A subdomain takeover vulnerability was detected on the blog subdomain, representing a potential risk. Overall, the site demonstrates good digital maturity, strong branding, and extensive user tracking for analytics and marketing purposes.

M

MercadoPago S.A.

mercadopago.cl

66

MercadoPago S.A. is a leading digital payment platform in Chile, operating as part of the MercadoLibre ecosystem. The company offers a comprehensive suite of financial services including digital accounts, prepaid Mastercard cards, instant money transfers, and payment acceptance solutions for both individuals and businesses. Its market position is strong, serving a broad audience with a focus on seamless online payment processing and financial management. The website reflects a mature digital infrastructure with modern technologies such as React, New Relic for monitoring, and Google Tag Manager for marketing and analytics. Despite a generally strong security posture with strict DMARC and SPF policies and HSTS enabled, the site has an invalid SSL certificate and a subdomain takeover vulnerability on its blog subdomain, which are critical issues to address. Overall, the platform demonstrates high professionalism, excellent user experience, and good compliance with privacy and cookie policies, but should prioritize remediating its SSL and subdomain security gaps to maintain trust and security.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 8 security findings identified across all modules.

W

Wake Creators

squidit.com.br

67

Wake Creators, formerly known as Squid, is a Brazilian technology company specializing in influencer marketing data and campaign optimization. With a decade of experience, it offers a large influencer database and leverages AI and machine learning to enhance marketing performance. The company operates under the LWSA group and targets brands, advertisers, and influencers seeking data-driven marketing solutions. Technically, the website is built on WordPress using Oxygen builder and integrates Google Analytics and Tag Manager for tracking. However, the site lacks a valid SSL certificate and modern TLS protocols, which poses significant security risks. Email security is well managed with SPF and DMARC policies, and multiple domain verifications indicate active ownership and SEO efforts. Overall, the security posture is weak due to missing HTTPS and security headers, but the business shows maturity in data and marketing technology.

T

Tiki

tiki.com.br

54

Tiki is a Brazilian digital marketing agency specializing in comprehensive marketing services including digital campaigns, social media management, content marketing, web design, and custom systems development. With over 15 years of experience and a portfolio of more than 150 brands, Tiki positions itself as a reliable partner for businesses seeking to enhance their digital presence. The website reflects a mature digital infrastructure utilizing modern frameworks such as Next.js and React, integrated with advanced marketing and consent management tools like RD Station and AdOpt. However, the absence of a valid SSL certificate and lack of advanced security headers indicate significant security gaps that could expose users to risks. The company demonstrates good privacy compliance with clear policies and consent mechanisms, but should prioritize securing its web infrastructure. Overall, Tiki presents a professional and trustworthy image with a strong focus on client growth and digital innovation.

O

Ouvidor Digital

ouvidordigital.com.br

53

Ouvidor Digital is a Brazilian technology company specializing in digital compliance solutions, primarily offering a whistleblower channel platform designed to reduce fraud and workplace harassment. Positioned as an innovative market player, it leverages AI and official WhatsApp Business API to provide accessible, secure, and anonymous reporting channels. The company targets medium to large enterprises, focusing on compliance, HR, legal, and financial managers. Technically, the website is built on WordPress with the Divi theme, hosted on AWS infrastructure, and integrates multiple analytics and marketing tools. However, the site lacks a valid SSL certificate, which poses a significant security risk. Security policies are robust in terms of compliance frameworks and certifications, but technical security configurations need improvement. Overall, the company demonstrates strong market positioning with comprehensive content and trust signals but should address critical security vulnerabilities to enhance trust and compliance.

B

Bundler Solutions AB

bundlersolutions.com

56

Bundler Solutions AB operates a technology platform that enables resellers to offer multiple subscription services through a single integration, streamlining distribution partnerships. Positioned as a scalable and efficient solution, the company targets resellers and content providers seeking to expand their product portfolios with minimal technical overhead. The business is part of the Adtraction Group and maintains partnerships with notable brands such as NordVPN, Storytel, and Readly. Technically, the website leverages modern JavaScript frameworks, AWS DNS hosting, and Google Tag Manager for analytics and marketing. Performance is moderate with room for optimization. Security posture is good with strong TLS configurations and SPF/DMARC email protections; however, improvements are needed in HSTS enforcement, OCSP stapling, DNSSEC, and certificate transparency compliance. Overall, the website presents a professional and trustworthy front with clear contact information and privacy compliance mechanisms.

F

Flywheel

flywheelsites.com

63

Flywheel is a managed WordPress hosting provider targeting designers and creative agencies, offering a premium hosting service designed to simplify WordPress site management and scaling. The website analyzed is password protected, indicating restricted access likely for client or internal use. The business positions itself as a specialized hosting company with a focus on security, speed, and ease of use for its target audience. The presence of a valid SSL certificate and password protection demonstrates a baseline security posture, though the lack of advanced security headers and policies suggests room for improvement. Technically, the site uses Varnish caching and is hosted on infrastructure leveraging Amazon AWS DNS services. The website content is professional and consistent with Flywheel's branding, but lacks public-facing privacy, cookie, or terms of service documents, which are important for compliance and trust. Contact information is limited to a support email address. Overall, the digital maturity is moderate with good technical foundations but limited transparency and advanced security practices.

E

Explorify Motorcycle Rentals

clubxplorer.com

58

Club Xplorer, operated by Explorify Motorcycle Rentals, is a specialized travel and vehicle rental platform offering guided and self-guided tours worldwide. Their services include motorcycle, car, RV, and ATV rentals, targeting adventure travelers seeking curated motorized travel experiences. The company positions itself as a global provider with a focus on convenience and comprehensive travel options, supported by a multi-channel online presence and e-commerce capabilities. Technically, the website is built on WordPress with Astra theme and Yoast SEO, leveraging Google Tag Manager and Facebook Pixel for marketing and analytics. However, the site lacks a valid SSL certificate and modern security configurations, which poses risks to user data and trust. Privacy and cookie policies are not explicitly found, indicating compliance gaps. Overall, the business demonstrates good content quality and user experience but requires urgent security and compliance improvements to enhance trust and protect customer data.

开

开鲸云

kaiwhale.com

61

Kaiwhale (开鲸云) is a Chinese cloud service provider specializing in enterprise outbound cloud network management solutions. Their offerings include exclusive clean IPs for account management, AI large model computing resources, e-commerce dedicated VPS, and enterprise-grade outbound acceleration SD-WAN. The company targets enterprises engaged in cross-border e-commerce and AI computing, positioning itself as a niche cloud provider for outbound business needs. Technically, the website is built using Vue.js and PrimeVue components, hosted likely on Alibaba Cloud infrastructure. However, the site lacks a valid SSL certificate and modern TLS support, which significantly impacts its security posture. There are no advanced security headers or DNS security features implemented, and no visible contact or incident response information is provided. Overall, the business shows moderate digital maturity but requires urgent improvements in security and compliance to build trust and protect customer data.

Q

Qwist GmbH

qwist.com

63

Qwist GmbH is a leading open finance platform operating primarily in the DACH and Iberian markets, offering a comprehensive suite of B2B2X financial technology products. Their key offerings include digital account and portfolio switching, open banking compliance solutions, financial data analytics, and digital lending integration. The company positions itself as the #1 open finance company in its region, serving major banks and financial institutions with a strong investor backing from Finch Capital and Finleap. Technically, the website is built on WordPress with the Divi theme and leverages modern marketing and analytics tools such as HubSpot, Matomo, and SalesLoft. The site employs GDPR-compliant cookie consent via Cookiebot and maintains a valid SSL certificate, although some security enhancements like HSTS and DNSSEC are absent. Performance is moderate with good mobile optimization and SEO practices. From a security perspective, Qwist demonstrates solid foundational practices including SPF and DMARC email protections and encrypted communications. However, the absence of advanced DNS security measures and a public security or incident response policy suggests room for improvement. No critical vulnerabilities were detected in the current analysis. Overall, Qwist presents a professional and trustworthy digital presence aligned with its market leadership in open finance. Strategic security enhancements and transparency in incident response would further strengthen its risk posture and customer confidence.