Security Directory

I

Início | Streaming Academy Abotts

streamingladies.com.br

50

The website streamingladies.com.br currently presents an HTTP 429 error indicating that it is not accessible due to too many requests or rate limiting. The site lacks any metadata, structured data, or business information, and does not provide contact details, privacy policies, or terms of service. Technically, the site uses JavaScript with the LitElement framework and includes a Chrome Dino game clone script, but the SSL certificate is invalid and no modern TLS protocols are enabled, resulting in a poor security posture. There are no security headers or DNS security configurations in place. Performance is slow and content is minimal, leading to a poor user experience and low trustworthiness. Overall, the site appears to be down or blocked, providing no meaningful business or user information.

N

norisbank GmbH

norisbank.de

57

norisbank GmbH is a direct bank subsidiary of Deutsche Bank Gruppe, headquartered in Bonn, Germany. The company offers a range of financial products including credit, checking accounts (Girokonto), savings accounts (Tagesgeld), credit cards, and securities depot services. The website demonstrates a strong market position with multiple awards and certifications, targeting private customers, business clients, students, and youth. The business model focuses on digital banking services with an emphasis on online and mobile banking platforms. Technically, the website is built on Adobe Experience Manager with integrations for Adobe Analytics and Usercentrics for consent management, reflecting a mature digital infrastructure. However, the website currently lacks a valid SSL/TLS certificate, which is a critical security vulnerability. Email security is well configured with SPF and DMARC policies. Privacy and cookie policies are present and GDPR compliant, but no explicit security or incident response policies are found. Overall, the site is professional, trustworthy, and well-optimized for SEO and accessibility, but requires urgent improvements in SSL security to protect user data and maintain trust.

B

Berenberg

berenberg.com

65

Berenberg is a historic and well-established financial institution founded in 1590, headquartered in Hamburg, Germany, with a strong presence across Europe and the United States. The company offers a comprehensive suite of financial services including investment banking, corporate banking, asset management, and fund management. It is recognized as one of Europe's leading advisors with a large equity research team covering over 800 European companies. The website reflects a mature digital presence with detailed business information, multiple international office locations, and a focus on client service and sustainability. Technically, the website employs modern web technologies such as JavaScript frameworks, SVG graphics, lazy loading, and structured data for SEO. Hosting is on Microsoft Azure with DNS managed by Colt, and the SSL configuration is robust with TLS 1.2 and strong cipher suites. Cookie consent is managed via CookieFirst, ensuring compliance with privacy regulations. However, there is room for improvement in security headers and protocols, such as enabling HSTS, DNSSEC, and TLS 1.3. From a security perspective, the site demonstrates good practices including SPF and DMARC email protections, OCSP stapling, and no detected SSL vulnerabilities. The privacy policy and cookie consent mechanisms are comprehensive and GDPR compliant. No explicit incident response or vulnerability disclosure pages were found, which could be enhanced to improve transparency and security posture. Overall, Berenberg's website and digital infrastructure reflect a high level of professionalism and trustworthiness, supporting its position as a major player in the financial services sector. Strategic improvements in security protocols and transparency could further strengthen its risk management and client confidence.

F

Finstar AG

finstar.ch

69

Finstar AG is a Swiss-based company specializing in integrated IT solutions for private and universal banks as well as fintechs. With over 40 years of experience, the company offers customized and cost-effective banking software and services, positioning itself as a trusted partner in the financial technology sector. Their offerings include a broad range of products and services such as APIs, digital onboarding, and digital asset platforms, supported by a strong ecosystem of partner banks and financial institutions. The company is a subsidiary of Hypothekarbank Lenzburg AG and holds the prestigious 'swiss made software' label, underscoring its commitment to quality and reliability. Technically, the website is built on the Umbraco CMS and leverages modern JavaScript libraries including GSAP and ScrollMagic for enhanced user experience. It integrates Cookiebot for GDPR-compliant cookie consent management and Google Tag Manager for analytics and marketing. However, the website currently lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical security gap. Performance is slow, likely due to the large page size and resource count, but mobile optimization and accessibility are rated good. From a security perspective, the domain has well-configured SPF and DMARC records with a strict reject policy, reducing email spoofing risks. Despite this, the absence of HTTPS and security headers significantly lowers the security posture. No explicit security policy, incident response contacts, or vulnerability disclosure mechanisms were found. The cookie consent mechanism is comprehensive and transparent, supporting GDPR compliance. Overall, Finstar AG presents a professional and trustworthy digital presence with strong business credentials and compliance in privacy and cookie management. The primary risk lies in the lack of HTTPS, which should be addressed urgently to protect user data and maintain trust. Strategic improvements in security infrastructure and transparency around security policies would enhance the company's risk profile and customer confidence.

S

SCHUFA

schufa.de

48

SCHUFA is a major German credit bureau specializing in credit scoring and risk assessment services for consumers and businesses. The website is currently protected by a FriendlyCaptcha challenge, indicating active bot mitigation measures. However, the site lacks visible privacy, cookie, or terms of service policies on the captcha landing page, and no direct contact information is provided. The DNS configuration shows strong email authentication with SPF and DMARC policies, but the SSL/TLS configuration is critically lacking, with no valid certificate or secure protocols enabled. This presents a significant security risk for users and the business. The technical infrastructure relies on external captcha services and is hosted via United Domains nameservers. Performance is moderate but user experience and content quality are poor due to the captcha gate and lack of accessible content.

D

DKB Grund GmbH

dkb-grund.de

61

DKB Grund GmbH is a German real estate company specializing in property sales, financing, insurance, and investment services. With over 25 years of experience, it serves private and commercial clients across Germany. The website presents a comprehensive portfolio of services including property valuation, financing certificates, and energy-saving advice, supported by a strong regional presence and recognized industry partnerships. Technically, the site uses modern web technologies and analytics tools but currently lacks a valid SSL certificate, which impacts its security posture. The company demonstrates good GDPR compliance with a clear privacy and cookie policy and employs consent management tools. However, there is no explicit security policy or incident response information available. Overall, the website is professionally designed, user-friendly, and trustworthy, but the lack of HTTPS is a critical security gap that should be addressed promptly.

S

Saulės spektras, UAB

auto.lt

50

Auto.lt is a Lithuanian online business directory specializing in automotive-related companies and services. It offers comprehensive search capabilities, user reviews, expert advice, job listings, and map-based navigation to serve both businesses and consumers in Lithuania's automotive sector. The platform is operated by Saulės spektras, UAB, positioning itself as a key local player with a consistent brand and good content quality. Technically, the website uses modern JavaScript libraries, Google Analytics, and a custom CMS hosted by Hostex. While the site supports TLS 1.2 with strong cipher suites and has valid SPF and DMARC records, it lacks DNSSEC, HSTS, and OCSP stapling, which are recommended for enhanced security. The cookie and privacy policies are comprehensive and GDPR compliant, with active consent mechanisms. Performance is moderate to slow due to large page size and resource count, but mobile optimization and SEO are well addressed. Overall, the site demonstrates a solid digital presence with room for security and performance improvements.

S

Saulės spektras, UAB

turizmas.lt

44

Turizmas.lt is a Lithuanian tourism portal operated by Saulės spektras, UAB, providing a comprehensive directory of travel-related services including accommodation, rural tourism, travel agencies, and leisure activities. The platform targets both local and international tourists seeking detailed information and booking options within Lithuania. The website demonstrates a solid market position as a national tourism information hub with a medium-sized business model based on listings and advertising revenue. Technically, the site uses a modern but somewhat traditional tech stack including Google Analytics, Bootstrap, and CKEditor, hosted by Hostex.lt. Performance is moderate with good mobile optimization and SEO practices. Security-wise, the site employs a valid SSL certificate with strong cipher suites but lacks advanced DNS security features such as DNSSEC and CAA records. Cookie and privacy policies are comprehensive and GDPR compliant, with a consent mechanism implemented. However, there is no visible terms of service or incident response policy. Overall, the site is professional, trustworthy, and well-branded, but could improve security posture and transparency in some areas.

S

Saulės spektras, UAB

medicina.lt

43

Medicina.lt is a Lithuanian healthcare information portal operated by Saulės spektras, UAB, providing a comprehensive directory of medical institutions, pharmacies, medical equipment suppliers, and expert advice. The site targets Lithuanian healthcare consumers seeking medical services, products, and professional guidance. It holds a strong market position as a trusted source for healthcare-related information with multilingual support and user engagement features such as reviews and Q&A with experts. Technically, the site uses a custom CMS with JavaScript libraries, Google Analytics, and Google Maps API, hosted by Hostex. Performance is moderate with good mobile optimization and SEO practices. However, the security posture is weak due to an invalid SSL certificate and lack of HTTPS, no DNSSEC, and missing security headers, which poses risks to user data confidentiality and trust. Privacy and cookie policies are comprehensive and GDPR compliant, with explicit consent mechanisms implemented. Overall, Medicina.lt is a well-established healthcare portal with room for critical security improvements to protect users and enhance trust.

S

Saulės spektras, UAB

statyba.lt

48

Statyba.lt is a comprehensive Lithuanian online business directory specializing in the construction sector, offering company listings, expert advice, job postings, and industry articles. Operated by Saulės spektras, UAB, it serves as a key platform for connecting construction-related businesses and consumers in Lithuania. The website demonstrates a solid market position with a broad range of services and active content updates. Technically, the site uses modern JavaScript frameworks, Google Analytics, and Google Fonts, hosted by Hostex, but suffers from slow load times due to large page size and resource count. Security-wise, it employs TLS 1.2 with strong cipher suites but lacks TLS 1.3, HSTS, OCSP stapling, and DNSSEC, which are recommended for enhanced security. Privacy and cookie policies are comprehensive and GDPR compliant, with clear user consent mechanisms. Overall, the site is professional, trustworthy, and well-optimized for SEO and mobile use, though performance improvements are advisable.

A

ApexBrasil

investinbrasil.com.br

54

ApexBrasil operates as the Brazilian government's official trade and investment promotion agency, providing comprehensive support and information to international investors interested in Brazil. The website serves as a detailed portal showcasing Brazil's economic strengths, key investment sectors, and regional opportunities, positioning ApexBrasil as a critical facilitator for foreign direct investment. Technically, the site is built on Adobe Experience Manager, leveraging Adobe's marketing and analytics tools, but suffers from critical SSL/TLS misconfigurations that undermine its security posture. While security headers are partially implemented, the absence of a valid SSL certificate and modern TLS protocols presents significant risks. Contact information is clearly presented with official emails and physical addresses, enhancing trust. However, the lack of visible privacy, cookie, and terms of service policies indicates compliance gaps. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and maintain credibility.

S

Sendcloud

sendcloud.dev

52

Sendcloud is a technology company specializing in shipping automation and logistics integration through a developer-focused API platform. Their developer portal provides comprehensive API documentation and supports integration with over 50 platforms and 80 carriers, positioning them as a significant player in the e-commerce shipping technology sector. The website targets developers and businesses looking to streamline shipping processes via API integrations. Technically, the site is built using the Hugo static site generator, hosted on AWS infrastructure, and employs modern TLS protocols with a wildcard SSL certificate. Performance is moderate with good mobile optimization and basic SEO and accessibility features. Security posture is solid with no known SSL vulnerabilities and support for TLS 1.3, but lacks advanced security headers, HSTS, DMARC, and OCSP stapling. The site includes a cookie consent mechanism and links to a privacy policy but lacks visible terms of service, security policy, or incident response information. Overall, the site demonstrates a good level of professionalism and trustworthiness but could improve security and compliance transparency.

G

group.one

jobs.one

62

group.one is a large technology company operating primarily in the DACH region, providing a broad range of IT services including domain registration, web hosting, cloud servers, digital marketing, and SaaS solutions. The company supports over 1,300 employees and serves more than one million customers through multiple brands. Their market position is strong with a diversified portfolio of partner brands and a focus on customer success and team development. Technically, the website uses modern web technologies including a Teamtailor recruitment widget and a consent management platform, but lacks a valid SSL certificate and several security best practices, which impacts the overall security posture. The cookie consent mechanism and privacy notice indicate good GDPR compliance, but the absence of security policies and incident response information suggests room for improvement in security governance. Overall, the website is professionally designed with good user experience and trust indicators, but the technical security gaps present a moderate risk that should be addressed.

S

Ströer Media Deutschland GmbH

stroeer-direkt.de

58

Ströer Media Deutschland GmbH operates as a leading regional online and outdoor advertising provider in Germany, offering a broad portfolio of advertising media including street, station, shopping center, and airport placements, as well as digital marketing services such as Google Ads, SEO, and native advertising. The company holds a strong market position as a major German advertising marketer with exclusive media spaces across cities and municipalities. Technically, the website is built on WordPress with a custom theme and plugins, leveraging Matomo for privacy-conscious analytics and Klaro for cookie consent management. However, the site lacks a valid SSL certificate and modern TLS configurations, which poses a significant security risk. The DNS setup uses Cloudflare but does not implement DNSSEC or CAA records, further limiting DNS security. While privacy compliance is well addressed through cookie consent and a comprehensive privacy policy, the absence of terms of service, security policies, and incident response information indicates gaps in transparency and security governance. Overall, the website demonstrates good content quality, user experience, and branding consistency but requires urgent improvements in transport security and security headers to protect user data and enhance trust.

P

PwC-Stiftung

galerie-pwc-stiftung.de

61

The PwC-Stiftung website galerie-pwc-stiftung.de serves as a digital gallery and archive showcasing 20 years of cultural and educational projects and programs supported by the PwC-Stiftung foundation in Germany. The foundation focuses on promoting cultural education and youth engagement through funding and running various initiatives. The website is professionally designed with good content relevance and navigation, targeting educational institutions, cultural organizations, and youth audiences. Technically, the site uses modern web technologies with deferred JavaScript and CSS, hosted on a provider identified as netzhaut. Security posture is moderate with valid TLS protocols but lacks advanced security features such as HSTS, DNSSEC, and DMARC, which are recommended for improvement. Privacy policy is present and GDPR compliant, but no cookie consent mechanism or terms of service are found. Overall, the site is trustworthy and well-positioned as a non-profit educational foundation's digital presence.

F

Free email accounts with mail.com | Log in here or register today

mail.com

75

mail.com operates as a webmail service provider offering email hosting and access services to a broad audience. The website content analyzed is primarily a consent management page, indicating a focus on privacy compliance mechanisms, although no explicit privacy policy or terms of service were found on this page. The business appears to be established with a large user base, leveraging DNS infrastructure managed by GMX DNS servers and employing standard email security protocols such as SPF and DMARC with a quarantine policy. From a technical perspective, the website uses JavaScript-based consent management scripts and iframe sandboxing to handle cookie consent. However, the SSL/TLS configuration is critically lacking, with no valid certificate and no enabled TLS protocols, which severely impacts secure communications. DNSSEC is not enabled, and CAA records are malformed, indicating gaps in DNS security hardening. Performance is slow with a high page load time and moderate resource usage. Security posture shows strengths in email authentication (SPF, DMARC) and HSTS enforcement with preload, but major weaknesses in SSL/TLS deployment and DNS security. No security policy or incident response contacts are published, limiting transparency and readiness. Overall, the site demonstrates moderate trustworthiness but requires urgent improvements in SSL/TLS and DNS security to protect user data and maintain compliance. Strategic recommendations include immediate renewal and proper configuration of SSL certificates, enabling modern TLS protocols, fixing DNS CAA records, enabling DNSSEC, and publishing comprehensive privacy and security policies. Enhancing these areas will improve user trust, compliance posture, and reduce risk exposure.

S

SevenVentures GmbH

sevencommerceandventures.com

51

SevenVentures GmbH, as the investment arm of ProSiebenSat.1 Media SE, operates a comprehensive media-for-equity and media-for-revenue investment platform targeting consumer-oriented start-ups and growth companies primarily in the DACH region. The company leverages the extensive media reach of ProSiebenSat.1's premium TV, digital, and influencer networks to boost brand awareness and accelerate growth for its portfolio companies. Technically, the website is built on modern frameworks like Next.js and React, hosted on AWS, and employs standard web performance and SEO practices. Security posture is moderate with support for TLS 1.3 and OCSP stapling but lacks some critical security headers and HSTS enforcement. No explicit security or incident response policies were found, indicating potential areas for improvement. Overall, SevenVentures presents a professional, well-branded, and content-rich platform with strong market positioning in media-driven venture investments.

S

Seven.One Studios

sevenonestudios.com

64

Seven.One Studios is a leading German-based media company specializing in the creation and distribution of entertainment content including scripted and unscripted TV shows, films, and branded content. It operates as part of the larger ProSiebenSat.1 Media SE group, positioning itself strongly in the European and global media markets. The company serves global networks and digital platforms with a diverse portfolio of popular formats and productions. Technically, the website is built on WordPress and integrates modern web technologies including Usercentrics for consent management and Tealium for tag management, reflecting a moderate level of digital maturity. Performance is moderate with good mobile optimization and SEO practices. Security-wise, the site supports modern TLS protocols and has SPF and DMARC email protections but lacks advanced SSL features such as HSTS, OCSP stapling, and DNSSEC, which are recommended for enhanced security. Overall, the company maintains a professional online presence with clear contact and compliance information, but could improve its security posture to reduce risk.

H

Hostinger

hostinger.com.br

63

Hostinger is a well-established global web hosting and domain registration provider founded in 2004, serving over 3 million users worldwide. The company offers a comprehensive suite of services including shared hosting, VPS, cloud hosting, WordPress optimized hosting, domain registration, and AI-powered website builders. Their market position is strong, supported by numerous trust indicators such as WordPress.org recommendation, Trustpilot reviews, and a 30-day refund policy. Technically, Hostinger employs modern web technologies including Nuxt.js and Vue.js, with integrations for Google Tag Manager, Microsoft Clarity, and Bing Ads, indicating a mature digital infrastructure. Security measures include valid SSL certificates, SPF and DMARC records with strict policies, though improvements can be made by enabling HSTS and DNSSEC. Overall, Hostinger demonstrates a solid security posture with no evident vulnerabilities and a good compliance level. The website is professionally designed, optimized for mobile, and provides a seamless user experience with clear navigation and comprehensive content. Strategic recommendations include enhancing security headers, implementing DNSSEC, and maintaining regular audits of third-party scripts to further strengthen security and trust.

H

Hi, I'm Tobias. | rixx.de

rixx.de

47

The website rixx.de serves as a personal hub for Tobias, an open source software author, conference speaker, and community organizer primarily in the technology sector. The site highlights his projects, blog posts, and involvement in events such as Chaos Communication Congress and DjangoCon Europe. The business model centers on personal branding and community engagement rather than commercial transactions. Technically, the site is built with standard web technologies including HTML, CSS, and JavaScript, with hosting provided by INWX. Performance is moderate, and SEO is well addressed through metadata, but mobile optimization and accessibility are basic. Security posture is weak due to the absence of a valid SSL certificate, lack of TLS support, missing security headers, and no DNSSEC. SPF is configured correctly, but other email authentication and security mechanisms are minimal. No privacy, cookie, or terms policies are published, and no contact information is explicitly provided on the site. Overall, the site is trustworthy for its niche audience but requires significant security and compliance improvements to enhance user trust and data protection.

L

LWND Kreativagentur GmbH

lwnd.com

50

LWND Kreativagentur GmbH is a small Austrian creative agency specializing in providing customized teams of specialists across various disciplines to drive brand success. The company positions itself as a modern and innovative agency with a strong focus on digital marketing, branding, campaigns, and UX design. Their website showcases a comprehensive portfolio of services, detailed case studies, and a professional team presentation, targeting brands and companies seeking tailored creative solutions. Technically, the website uses common web technologies such as jQuery, Swiper, and Google reCAPTCHA, hosted on Hetzner infrastructure. However, the site suffers from a critical security weakness due to the absence of a valid SSL/TLS certificate and lack of HTTPS support, which undermines user trust and data protection. DNS and email security configurations are properly implemented with SPF and DMARC policies. Overall, the website demonstrates excellent content quality and branding consistency but requires urgent security improvements to protect user data and comply with best practices.

B

Berenberg

berenberg.de

65

Berenberg is a historic private bank and financial services provider founded in 1590 in Hamburg, Germany. It offers wealth management, asset management, corporate banking, and investment banking services to a diverse clientele including wealthy private clients, corporations, and institutional investors. The bank maintains a strong market position in Europe and the US with multiple offices and a broad service portfolio. Technically, the website employs modern web technologies with good performance and mobile optimization, supported by a robust SSL configuration and DNS setup. Security practices include SPF and DMARC email protections, OCSP stapling, and strong cipher suites, though improvements such as enabling HSTS and DNSSEC could enhance security further. Overall, Berenberg demonstrates a mature digital presence with strong trust indicators and compliance with GDPR and cookie consent regulations.

N

N26 SE

n26.com

72

N26 SE is a leading mobile-first bank headquartered in Germany, operating with a full German banking license and serving over 8 million customers across 24 markets. The company offers a range of financial products including free and premium bank accounts, instant savings linked to the European Central Bank rate, stock and ETF trading, and crypto investment powered by Bitpanda. Their digital-first approach is supported by a modern technology stack including React, Contentful CMS, and AWS hosting, ensuring a seamless and mobile-optimized user experience. Security is a core focus, with BaFin supervision, deposit protection up to €100,000, and advanced payment authentication methods such as 3D Secure and biometric verification. The website demonstrates strong privacy compliance with GDPR-aligned policies and cookie consent management via OneTrust. However, there are areas for improvement such as enabling HSTS, OCSP stapling, DNSSEC, and publishing a security.txt for vulnerability disclosure. Overall, N26 presents a mature digital banking platform with a solid security posture and a high level of trustworthiness in the fintech market.

A

Afternic (GoDaddy Operating Company, LLC)

zenkod.com

53

The website zenkod.com is a domain sales landing page operated under the Afternic marketplace, a GoDaddy branded platform. It offers domain purchase services including price inquiries and buy now options, targeting individuals and businesses seeking premium domain names. The platform leverages modern web technologies such as React and Next.js, hosted on AWS infrastructure, with basic performance and accessibility optimizations. Security posture is weak due to lack of valid SSL certificates and missing security headers, although form protection via Google reCAPTCHA is implemented. The site integrates with trusted partners like Afternic and GoDaddy for domain transactions and payment processing. Overall, the site serves as a professional domain sales interface but requires significant security improvements to enhance trust and compliance.

P

PricewaterhouseCoopers

pwcplus.de

67

PwC Plus is a specialized knowledge and research platform operated by PricewaterhouseCoopers, targeting primarily financial services professionals with additional focus on healthcare and public services sectors. The platform offers subscription-based access to quality-assured, daily updated content including legal norms monitoring, regulatory insights, and sector-specific modules. The website demonstrates a mature digital presence with multilingual support, user account management, and integration of professional content from trusted partners such as the IFRS Foundation. Technically, the site is hosted on Colt's infrastructure, uses modern TLS protocols, and employs Piwik PRO for analytics with a compliant cookie consent mechanism. Security posture is solid with DMARC enforcement and no critical SSL vulnerabilities, though improvements like enabling HSTS, DNSSEC, and CAA records could enhance security further. No explicit security or incident response policies are published, indicating an area for maturity growth. Overall, PwC Plus presents a professional, trustworthy, and content-rich platform aligned with PwC's global brand standards.

C

Capgo, Inc.

capgo.app

70

Capgo, Inc. is a technology company specializing in providing live Over-the-Air (OTA) update solutions for Capacitor-based mobile applications. Their platform enables developers to push instant updates, fixes, and new features directly to users without the delays associated with app store approvals. Positioned as an innovative and secure solution, Capgo offers both cloud-hosted and self-hosted options, with a strong emphasis on end-to-end encryption and real-time analytics. The company targets development teams seeking efficient app update workflows and enhanced user experience. Their business model includes SaaS offerings, consulting services, and CI/CD pipeline integrations, supported by a transparent trust center and open source code availability.

T

TÜH Staatliche Technische Überwachung Hessen

tueh.de

58

TÜH Staatliche Technische Überwachung Hessen operates as a regional governmental authority providing digital tachograph cards and related services to individuals and businesses in Hessen, Germany. The website serves as an informational and transactional portal offering application forms and guidance for driver cards, company cards, and workshop cards. The organization positions itself as a trusted public service entity within the transportation sector, focusing on compliance and regulatory oversight. Technically, the website is built on TYPO3 CMS, hosted behind Cloudflare DNS and CDN services, and employs standard web technologies including Bootstrap and FontAwesome. Performance is moderate with good mobile optimization and basic accessibility. Security posture is adequate with a valid SSL certificate and cookie consent mechanisms; however, improvements are recommended such as enabling HSTS, DNSSEC, and security headers. No explicit terms of service or vulnerability disclosure policies are present, and contact information is limited to a contact form without direct emails or phone numbers. Analytics usage includes etracker and Google marketing cookies with user consent. Overall, the website demonstrates a professional and trustworthy presence aligned with its public service mission.

S

Sebastian Gepperth

rash.codes

47

The website rash.codes represents a personal brand and portfolio of Sebastian Gepperth, a software developer and designer specializing in open source projects and freelance coding services. The site targets developers and potential clients interested in modern web technologies and open source contributions. The business model revolves around personal branding and showcasing expertise to attract freelance opportunities. Technically, the site uses a modern frontend stack including Vue.js and Vitepress, hosted on a Hetzner server. However, the site lacks a valid SSL certificate and does not implement HTTPS, which is a significant security concern. DNS records show partial email security with SPF and DMARC configured, including an abuse contact email for incident reporting. Overall, the security posture is weak due to missing TLS, HSTS, and DNSSEC, exposing the site to potential interception and spoofing risks. Strategic improvements in SSL deployment and security policies are recommended to enhance trust and compliance.

R

Resonanz Digital

resonanz-marketing.com

56

Resonanz Digital is a well-established digital agency based in Austria, specializing in WordPress websites, online shops, eCommerce solutions, SEO, and Google Ads optimization. With over 20 years of experience and a Google Partner certification, the company targets small and medium-sized enterprises, founders, and individual entrepreneurs primarily in the German-speaking market. Their service portfolio includes web design, development, online marketing, and ongoing maintenance, positioning them as a trusted partner for digital presence creation. Technically, the website is built on WordPress using the Avia Framework and integrates various modern web technologies including jQuery and WP Rocket for performance optimization. The hosting infrastructure appears to be on Google Cloud, providing a reliable platform. The site supports multilingual content via WPML and employs structured data for SEO enhancement. Performance is moderate with room for improvement in load times. From a security perspective, the site has correctly configured SPF and DMARC DNS records, indicating good email authentication practices. However, the lack of a valid SSL certificate and absence of TLS protocols represent significant security weaknesses, exposing users to potential data interception risks. The cookie consent mechanism is implemented, supporting GDPR compliance, but the DMARC policy is set to 'none', which could be strengthened. Overall, Resonanz Digital demonstrates a mature digital presence with strong business credibility and customer trust signals. The main risk lies in the missing HTTPS security layer, which should be addressed promptly to protect user data and enhance trust. Strategic improvements in security posture and performance optimization will further solidify their market position.

B

Bundler Solutions AB

bundlersolutions.com

56

Bundler Solutions AB operates a technology platform that enables resellers to offer multiple subscription services through a single integration, streamlining distribution partnerships. Positioned as a scalable and efficient solution, the company targets resellers and content providers seeking to expand their product portfolios with minimal technical overhead. The business is part of the Adtraction Group and maintains partnerships with notable brands such as NordVPN, Storytel, and Readly. Technically, the website leverages modern JavaScript frameworks, AWS DNS hosting, and Google Tag Manager for analytics and marketing. Performance is moderate with room for optimization. Security posture is good with strong TLS configurations and SPF/DMARC email protections; however, improvements are needed in HSTS enforcement, OCSP stapling, DNSSEC, and certificate transparency compliance. Overall, the website presents a professional and trustworthy front with clear contact information and privacy compliance mechanisms.

P

Playbook Digital, Inc.

playbook.com

67

Playbook Digital, Inc. operates Playbook.com, a SaaS platform focused on creative file management and media storage targeted at designers and creative teams. The company positions itself as a modern, all-in-one media library offering extensive storage, collaboration, AI-powered search, and mini-app integrations. The platform is trusted by notable brands and over 2 million creatives, indicating a strong market presence in the creative technology sector. Technically, the website is built on the Ghost CMS platform, leveraging modern JavaScript libraries and third-party services such as Cloudflare for DNS and CDN, and integrates multiple marketing and analytics tools including Google Analytics, Facebook Pixel, and LinkedIn Insight Tag. However, the website suffers from critical security issues including an invalid SSL certificate and lack of TLS support, which undermines user trust and data security. The DNS configuration is solid with SPF and DMARC policies properly set, but DNSSEC is not enabled, and CAA records are malformed. Overall, while the business demonstrates strong branding, market positioning, and digital maturity, the security posture requires urgent improvements to protect user data and maintain compliance.

微

微博

weibo.com

55

Weibo is a leading Chinese social media platform offering real-time information sharing, social interaction, and content discovery services. It holds a strong market position in China as a major media platform with a large user base and extensive content offerings including video and trending topics. The platform targets Chinese internet users, content creators, and social media enthusiasts, operating primarily on an advertising-driven business model. Technically, the site uses modern web technologies such as Vue.js and ECharts but suffers from slow load times and lacks a valid SSL certificate, impacting user trust and security. Security posture is moderate with proper SPF and DMARC DNS records but missing critical SSL/TLS configurations and security headers. Overall, the platform demonstrates good content quality and user experience but requires significant improvements in security and performance to enhance trust and compliance.

K

KM Business Information Australia Pty Ltd

brokernews.com.au

65

Australian Broker News, operated by KM Business Information Australia Pty Ltd, is a specialized online media platform delivering mortgage industry news, insights, and premium content targeted at Australian mortgage brokers and finance professionals. The website serves as a leading source of industry updates, lender product news, and expert commentary, positioning itself as a trusted resource within the Australian finance sector. The business model revolves around content publishing, premium subscriptions, event coverage, and advertising revenue. Technically, the site leverages modern JavaScript libraries, Algolia search, and Google advertising technologies, hosted behind Cloudflare DNS services. However, the website exhibits a slow load time and lacks a valid SSL certificate, which impacts user trust and security posture. Security configurations include valid SPF and DMARC email protections but lack DNSSEC and modern TLS implementations. The absence of published security policies and incident response information indicates a gap in transparency and readiness. Overall, the site maintains good content quality and user experience but requires significant improvements in security and performance to enhance trust and compliance.

J

Johann Oberauer GmbH

campaigngermany.de

49

Campaign Germany is a well-established German media service focused on delivering daily industry news and insights for the advertising, marketing, and media sectors. The website offers subscription services, newsletters, job listings, and advertising opportunities, targeting professionals within the German media industry. The company operates under Johann Oberauer GmbH and maintains a consistent brand presence with a good quality content offering. Technically, the site is built on the Newsroom CMS and uses technologies such as nginx, Google Tag Manager, and Google Publisher Tags for advertising. However, the site lacks a valid SSL certificate and modern TLS support, which significantly impacts its security posture. While privacy policies and terms of service are present and GDPR compliant, there is no cookie consent mechanism implemented. The site uses standard security headers but misses advanced protections like HSTS and DNSSEC. Overall, the website demonstrates moderate trustworthiness and professionalism but requires urgent security improvements to protect user data and enhance compliance.

C

Clay Paky s.r.l.

e-assist.tech

54

Clay Paky s.r.l. operates the e-assist.tech website, providing an entertainment after sales service information support tool primarily targeting professionals in the entertainment industry. The platform offers user login capabilities and data request forms to facilitate after sales support. The company positions itself as a niche service provider within the entertainment technology sector, with a medium-sized business footprint based in Italy. The website content is basic but functional, with legal and privacy links present, though lacking advanced user engagement or marketing features. Technically, the site uses UIkit and standard web technologies but suffers from slow load times and lacks modern CMS or platform integrations. Security posture is weak, with no valid SSL certificate, no DNSSEC, and minimal security headers, exposing users to potential risks. There is no visible incident response or vulnerability disclosure policy, and GDPR compliance mechanisms are minimal. Overall, the site requires significant improvements in security and performance to meet modern standards and build user trust.

M

Melhor Envio

melhorenvio.com.br

63

Melhor Envio is a leading Brazilian platform specializing in freight intermediation, offering users the ability to simultaneously compare shipping costs across multiple carriers and generate shipping labels with automatic tracking. The company targets both individuals and businesses seeking efficient freight management solutions. Their market position is strong within the transportation sector, supported by a comprehensive digital platform and active social media presence. Technically, the website employs a modern JavaScript-based stack with integrations including Google Tag Manager, ActiveCampaign, Datadog, and various marketing and analytics tools. Hosting is inferred to be on Amazon AWS infrastructure, with DNS managed via AWS Route53. The site shows good mobile optimization and SEO practices, although accessibility is basic. From a security perspective, the site implements several best practices such as Content Security Policy, HSTS with subdomain inclusion, CSRF tokens, and secure cookie flags. However, a critical issue is the invalid or missing SSL certificate and lack of TLS protocol support, which severely impacts secure communications. No explicit privacy policy, terms of service, or vulnerability disclosure documents were found, indicating gaps in compliance and transparency. Overall, Melhor Envio demonstrates a mature business and technical presence but requires urgent improvements in SSL/TLS configuration and formalization of privacy and security policies to enhance trust and compliance.

B

Bitrix Inc

bitrixsoft.com

55

Bitrix Inc operates Bitrix24, a comprehensive all-in-one SaaS platform designed to streamline business operations including CRM, project management, collaboration, HR automation, and marketing. With over 15 million organizations worldwide, Bitrix24 holds a strong market position as a leading integrated business management solution. The platform supports multiple operating systems and offers extensive features tailored to various business needs, including an AI-powered assistant called CoPilot. Technically, the website is built on the Bitrix CMS and framework, leveraging modern JavaScript libraries and hosted on AWS infrastructure. However, the current security posture reveals critical gaps, notably the absence of a valid SSL certificate and lack of modern TLS protocols, which undermines secure communications. Despite strong compliance with GDPR and multiple industry certifications, the website's security configuration requires urgent improvements to protect user data and maintain trust. Strategic recommendations include implementing robust SSL/TLS, enhancing security headers, and publishing a vulnerability disclosure policy to strengthen the overall security framework.

E

emarketing AG

intellitracking.com

60

intelliTracking, operated by emarketing AG, is a leading German provider of website data analysis and customer journey tracking solutions. The company emphasizes privacy compliance, offering patented, cookieless, and server-side tracking technologies tailored for e-commerce and website operators in Germany. Their market position is strong, supported by multiple certifications and a broad client base. Technically, the site is built on Squarespace with a moderate performance profile and good mobile optimization. However, the SSL configuration is currently invalid, posing a significant security risk. Security headers are partially implemented, but improvements are needed to meet modern standards. Overall, intelliTracking demonstrates a high level of professionalism and trustworthiness, with clear contact information and compliance with GDPR requirements.

TÜV PROFiCERT, operated by TÜV Hessen, is a well-established certification and conformity assessment provider specializing in quality management, environmental and energy management, occupational safety, information security, healthcare, and validation services. The company leverages its TÜV brand reputation and accredited certification procedures to serve businesses seeking recognized certifications in Germany and potentially beyond. The website is built on TYPO3 CMS, hosted behind Cloudflare, and employs a professional design with clear navigation and multilingual support. While the SSL certificate is valid and HSTS is enabled with preload, the absence of modern TLS protocols (TLS 1.2 or 1.3) is a notable security gap. The site implements a comprehensive cookie consent mechanism and uses etracker for analytics, reflecting a moderate level of user tracking with good privacy compliance. Contact information is clearly presented, but no explicit incident response or vulnerability disclosure policies are found. Overall, the site demonstrates a solid security posture with room for improvement in modern protocol support and security header implementation.

Z

Zoonou Limited

zoonou.com

66

Zoonou Limited is a UK-based software testing and quality assurance company, uniquely positioned as the UK's only employee-owned software testing firm. Established in 2007, it has delivered over 5,000 projects and holds multiple certifications including B Corp, ISO 9001, ISO 27001, and Cyber Essentials Plus. The company offers a comprehensive suite of services spanning QA strategy, delivery, accessibility, cybersecurity, and test automation, targeting private, public, and third sector organizations. Their business model emphasizes employee ownership and social responsibility, aligning with their B Corp certification and commitment to inclusivity and accessibility. Technically, Zoonou employs modern web technologies including React, HubSpot marketing and analytics tools, and Umbraco CMS. The site is hosted via UK2.net and integrates multiple third-party services for marketing and analytics. While the SSL certificate is valid and strong, the site currently lacks support for modern TLS protocols, which is a notable security gap. Performance metrics indicate a slower load time, suggesting opportunities for optimization. From a security perspective, the company demonstrates good practices such as HSTS enforcement and absence of known SSL vulnerabilities. However, the lack of DNSSEC, CAA records, and a published vulnerability disclosure policy or security.txt file indicates areas for improvement. No explicit incident response or security contact information was found, which could impact responsiveness to security events. Overall, Zoonou presents a professional, trustworthy, and socially responsible brand with solid technical infrastructure but with room to enhance its security posture and performance. Strategic improvements in TLS support, DNS security, and transparency around vulnerability management would strengthen their risk profile and client confidence.

K

KM Business Information US, Inc.

investmentnews.com

64

InvestmentNews is a leading financial media platform focused on providing news, analysis, and resources for independent financial advisors and wealth managers in the United States. The company operates a subscription-based business model offering premium content, events, webinars, and data services. Their market position is strong within the financial advisory sector, supported by a consistent brand and good content quality. Technically, the website leverages a modern JavaScript stack with React, integrates multiple third-party marketing and analytics tools including Algolia, HubSpot, and Azure Application Insights, and is hosted behind Cloudflare. Security posture is adequate with a valid SSL certificate and bot protection via reCAPTCHA Enterprise; however, there are notable gaps such as disabled modern TLS versions, lack of HSTS, DNSSEC, and a subdomain takeover vulnerability on a development subdomain. Privacy and cookie policies are present and GDPR compliant with a consent mechanism. Overall, the site demonstrates good professionalism and trustworthiness but would benefit from addressing security vulnerabilities and enhancing HTTPS configurations.

B

Bitrix Inc

bitrix24.com.br

61

Bitrix Inc operates Bitrix24, a comprehensive SaaS platform offering CRM, project management, collaboration, marketing, and HR automation tools. With a strong market presence serving over 15 million organizations globally and availability in 18 languages, Bitrix24 positions itself as an enterprise-grade solution for businesses of all sizes. The platform supports web, mobile, and desktop clients, leveraging a proprietary Bitrix framework and modern web technologies. Security posture is adequate with valid SSL certificates and no known vulnerabilities, but lacks modern TLS protocol support and advanced security headers. The website demonstrates good GDPR and cookie compliance with consent mechanisms and detailed policies. Extensive use of analytics and marketing tools indicates a mature digital marketing strategy. Overall, Bitrix24's website reflects a professional, trustworthy, and technically competent business with room for security enhancements.

E

Equals

equals.com

67

Equals is a technology company specializing in providing an all-in-one GTM analytics platform that integrates with Salesforce, HubSpot, Stripe, and SQL databases to deliver real-time insights on pipeline and ARR. Positioned as a trusted solution for RevOps, founders, and finance teams, Equals emphasizes clarity and actionable revenue insights to drive business growth. The company maintains a professional online presence with consistent branding and customer testimonials, reinforcing its market position in the SaaS analytics space. Technically, the website is hosted on Netlify and leverages modern JavaScript technologies, Google Tag Manager, and Intercom for analytics and customer engagement. While the site demonstrates good performance and mobile optimization, it lacks some advanced security configurations such as modern TLS protocols and DNSSEC. Security headers are properly implemented, and the SSL certificate is valid, but the absence of a cookie policy and explicit security or incident response policies indicates room for improvement. Overall, Equals exhibits a solid digital maturity with a focus on user experience and trust, though enhancements in security posture and compliance transparency would strengthen its risk management and customer confidence.

M

Mercos

mercos.com

64

Mercos is a Brazilian software company specializing in B2B sales automation and e-commerce solutions tailored for industries, distributors, and commercial representatives. Positioned as one of the most utilized sales systems in the market, Mercos offers a comprehensive suite of services including sales force automation, B2B e-commerce portals, AI-powered order processing, payment systems, and video call sales features. The company targets medium-sized businesses seeking to streamline their sales operations and integrate seamlessly with existing ERP systems. Their market presence is reinforced by over 8,700 clients and 52,000 users, highlighting strong adoption and trust within their niche. Technically, Mercos leverages modern web technologies such as React and JavaScript, hosted on Amazon Web Services infrastructure with CloudFront CDN for content delivery. The site integrates multiple marketing and analytics tools including Google Tag Manager, HubSpot, RD Station, and Visual Website Optimizer, indicating a mature digital marketing strategy. Performance is optimized with preloading scripts and responsive design, ensuring good mobile experience and SEO. From a security perspective, Mercos maintains a valid SSL certificate issued by Amazon but currently lacks support for modern TLS protocols and advanced security headers. DNS security features like DNSSEC and CAA are not enabled, and no explicit security or incident response policies are publicly disclosed. While no critical vulnerabilities are detected, the absence of cookie consent mechanisms and limited privacy compliance features suggest areas for improvement. Overall, Mercos presents a robust business and technical foundation with excellent user experience and market positioning. However, enhancing security configurations, privacy compliance, and transparency around incident response would strengthen their risk posture and customer trust.

E

Ebazar.com.br LTDA.

mercadolivre.com.br

71

Mercado Livre Brasil is a leading e-commerce marketplace platform in Brazil, offering a wide range of products across numerous categories with a strong focus on user experience, accessibility, and comprehensive service offerings including payment processing, shipping, and subscription services. The platform is supported by a robust technical infrastructure leveraging modern web technologies and extensive third-party integrations for analytics and advertising. Security measures are well implemented with strong SSL configurations and security headers, although some improvements in protocol support and explicit security policies could enhance the posture further. Overall, the website demonstrates high professionalism, trustworthiness, and digital maturity, positioning it as a dominant player in the Brazilian e-commerce market.

E

Ebazar.com.br LTDA.

kangu.com.br

66

Kangu operates as a shipping intermediation service within the Mercado Livre ecosystem, providing logistics support and customer service related to package delivery, reimbursements, and digital wallet credits. The business is positioned as a partner service to Mercado Livre, focusing on transportation and e-commerce sectors in Brazil. The website demonstrates a moderate level of digital maturity with the use of modern JavaScript frameworks, monitoring tools like New Relic and OpenTelemetry, and integration with Mercado Livre's analytics and infrastructure. However, the security posture is weak due to the absence of a valid SSL certificate and lack of advanced security headers, which poses risks to user data confidentiality and trust. The site includes cookie consent mechanisms and complies with basic email authentication standards but lacks explicit security and incident response policies. Overall, the business shows good operational integration but requires significant improvements in security to protect its users and maintain trust.

LexisNexis Risk Solutions, operating the Accurint® TraX™ platform, provides advanced investigative solutions primarily targeting law enforcement and government agencies. Their platform integrates call detail records with law enforcement and identity data to enable efficient device geolocation investigations. The company is positioned as a trusted, enterprise-level provider with a comprehensive suite of services including investigative support, training, and single sign-on capabilities with related products. The website reflects a mature digital presence with extensive content, strong branding, and a focus on compliance and privacy. Technically, the website employs a robust technology stack including JavaScript frameworks, VWO for optimization, Adobe DTM for tag management, and OneTrust for cookie consent management. Hosting is on Amazon AWS with a valid SSL certificate, though some TLS protocol support appears limited. Performance is moderate to slow due to large page size and resource count, but mobile optimization and accessibility are well addressed. From a security perspective, the site implements key best practices such as HSTS and valid SSL, but lacks DNSSEC and CAA records, which are recommended for enhanced security. No explicit security policy or incident response information is publicly available, indicating an area for improvement. The site demonstrates good privacy compliance with clear policies and consent mechanisms. Overall, LexisNexis Risk Solutions maintains a high level of professionalism and trustworthiness in its online presence, supporting its role as a critical provider of investigative and risk management solutions. Strategic enhancements in security posture and transparency could further strengthen its market position and customer confidence.

LexisNexis operates as a leading provider of legal, regulatory, and business information services, targeting primarily legal professionals and researchers. The website analyzed is a secure sign-in portal for accessing their research services, reflecting a mature enterprise-level business model with a strong market position. The company provides comprehensive customer support with multiple international phone numbers and maintains clear links to privacy and terms of service policies, demonstrating regulatory awareness and user transparency. Technically, the site employs standard web technologies including jQuery and OneTrust for cookie consent management. While the SSL certificate is valid and issued by a reputable CA, the absence of modern TLS protocols and security headers indicates room for improvement in security hardening. Performance is moderate to slow, and mobile optimization is basic, suggesting potential areas for technical enhancement. From a security perspective, the site shows good foundational practices such as valid SSL and cookie consent but lacks advanced security headers, DNSSEC, and CAA records. No explicit security policies, incident response contacts, or vulnerability disclosure mechanisms were found, which could be addressed to improve security posture and user trust. Overall, the website is professional and trustworthy but would benefit from technical and security upgrades to align with best practices and compliance standards.

L

LexisNexis Risk Solutions

bankersalmanac.com

75

Bankers Almanac is a specialized portal operated by LexisNexis Risk Solutions, providing financial institutions with access to banking data and KYC compliance tools. Positioned as an enterprise-grade service, it supports risk management and regulatory compliance needs for banking professionals. The website serves primarily as a login gateway to these services, integrating modern authentication via Auth0 and linking to corporate LexisNexis resources. Technically, the site employs standard web technologies but lacks modern TLS protocol support and DNSSEC, which are areas for improvement. Security posture is solid with valid SSL and HSTS enabled, but could benefit from enhanced security headers and DNS protections. Overall, the site demonstrates a professional and trustworthy presence aligned with enterprise financial services.