Security Directory

Raiffeisen Bank International AG operates as a leading business bank in Austria and Central and Eastern Europe, offering a broad range of financial services including corporate banking, investor relations, and sustainability-focused products. The website targets investors, corporate and institutional clients, job seekers, and private customers, reflecting a mature and comprehensive business model with a strong market position. Technically, the site is built on Adobe Experience Manager with Vue.js components, leveraging modern analytics and marketing tools such as Mouseflow, Google Tag Manager, and hCaptcha. However, a critical security weakness is present due to an invalid SSL certificate and lack of TLS protocol support, which undermines the otherwise strong security headers and policies implemented. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional, content-rich, and trustworthy but requires urgent remediation of SSL and TLS issues to ensure secure user interactions.

N

Nameshift.com

kontext.nl

35

Nameshift.com operates as a domain name brokerage and escrow service focused on providing safe, fast, and fee-free domain transfers for buyers. The business model centers on charging sellers a commission while offering buyers a secure and straightforward purchasing experience. The website content is minimal and primarily serves as a landing page to facilitate domain purchases via Nameshift.com. Technically, the site uses modern web technologies such as SvelteKit and is hosted on a Caddy server, but lacks proper SSL/TLS configuration, resulting in no HTTPS availability. This significantly impacts the security posture and user trust. Security headers are partially implemented, but critical vulnerabilities exist due to the absence of a valid SSL certificate and TLS protocols. Privacy and cookie policies are missing, and no contact emails or phone numbers are provided, limiting compliance and user support capabilities. Overall, the site demonstrates a basic digital presence with room for significant improvements in security, privacy, and content completeness.

Eli Lilly and Company is a large, established pharmaceutical enterprise specializing in healthcare products and services. The domain lilly.com is consistent with the company's identity and history, reflecting a mature business with a global presence. However, the website content is currently inaccessible due to a Cloudflare security challenge page, which blocks direct content analysis. The technical infrastructure shows use of Cloudflare as a security and hosting provider, but the SSL/TLS configuration is critically lacking with no valid certificate or HTTPS enabled. Security headers are present but insufficient without proper encryption. No privacy, cookie, or terms of service policies are detectable in the accessible content, and no contact information or forms are visible. The DNS and email security configurations (SPF, DMARC) are well implemented, indicating good email security practices. Overall, the website's security posture is weak due to missing HTTPS and blocked content, limiting user trust and accessibility.

A

at-visions GmbH

at-visions.com

35

at-visions GmbH is a medium-sized Austrian company specializing in hospitality technology solutions including mobile apps, hotel TV, professional WIFI, and digital signage. The company targets hotels and hospitality businesses, offering integrated guest experience platforms and IT consulting services. Their website demonstrates a strong market position with numerous reputable hotel clients and technology partners. Technically, the website is built on WordPress with modern frameworks and includes accessibility and SEO optimizations. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent critical security weaknesses. Privacy compliance is well addressed with clear privacy and cookie policies. Overall, the business appears credible and professional, but urgent improvements in security infrastructure are recommended.

The website represents the Landeskrankenhaus Feldkirch, a leading healthcare institution in Vorarlberg, Austria, serving as a regional specialty hospital and academic teaching hospital. It provides comprehensive medical services, education, research, and social care, targeting patients, visitors, and healthcare professionals. The organization is well-established with a history dating back to 1972 and operates under the Vorarlberger Krankenhaus-Betriebsgesellschaft.m.b.H. umbrella. Technically, the website uses a modern stack including nginx, Google Analytics, Matomo, and CookieHub for privacy compliance. The site is well-structured, mobile-optimized, and accessible, with good SEO practices. However, performance is slow, and no CMS or advanced frameworks were detected. Security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS support, exposing users to risks. While some security headers like HSTS are present, critical improvements are needed to secure communications and protect user data. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security enhancements to protect visitors and maintain compliance. Strategic recommendations include implementing HTTPS, enhancing security headers, and continuous security audits.

The website grassrootsgroup.com is currently inaccessible, presenting a 403 Forbidden error page that blocks all content access. Due to this, no business information, metadata, or contact details are available for analysis. The domain's DNS configuration is standard with valid A and MX records, indicating proper email routing through Google servers. However, the absence of a valid SSL certificate and HTTPS support significantly weakens the security posture. The lack of content and security headers further reduces trust and usability. Overall, the site appears to be either misconfigured or intentionally restricted, preventing meaningful engagement or evaluation.

U

UNIQA Group

uniqagroup.com

40

UNIQA Group is a large Austrian insurance and financial services provider with a strong market presence and a public listing since 1990. The website targets investors, customers, suppliers, and job seekers, offering comprehensive information on insurance products, investor relations, sustainability initiatives, and career opportunities. The content is professionally presented with consistent branding and good quality. Technically, the website uses Apache server technology and integrates modern marketing and analytics tools such as Adobe DTM, Google Tag Manager, and Dynatrace. However, it lacks SSL/TLS encryption, which is a critical security gap. Security headers are well implemented, but the absence of HTTPS significantly reduces the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, supporting good privacy practices. Overall, the website is trustworthy and professional but requires urgent security improvements to enable HTTPS and strengthen SSL/TLS configurations.

Insticore GmbH is a small Austrian digital agency specializing in digital marketing, web development, branding, and training services. The company targets a broad audience including small ventures, large businesses, and entrepreneurs, positioning itself as a comprehensive provider of digital solutions. The website is built on WordPress using the Divi theme and builder, with integrations for Google Analytics and HubSpot for marketing and analytics purposes. However, the site lacks HTTPS, which is a critical security shortfall. Security headers are partially implemented but the absence of SSL/TLS and modern security practices significantly lowers the security posture. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism or GDPR indicators. Contact information is clearly provided, enhancing business credibility. Overall, the website is functional and professional but requires urgent security improvements to protect user data and improve trust.

The website ambassadorsfootball.org is currently inaccessible due to a Cloudflare security challenge page that requires JavaScript and cookies to proceed. This prevents access to any meaningful content, business information, or user interaction elements. The domain is registered and uses Cloudflare for DNS and hosting, with Google MX records for email, indicating a legitimate setup. However, the lack of a valid SSL certificate and HTTPS support is a critical security deficiency. No privacy, cookie, or terms of service policies are detectable, and no contact information or business details are available on the landing page. The site’s technical infrastructure relies on Cloudflare but lacks modern TLS protocols and proper SSL configuration, resulting in a poor security posture. Overall, the site’s current state severely limits content accessibility and trustworthiness, requiring significant improvements in security and transparency.

Wildniszone.at is a small Austrian business focused on consulting, education, and adventure-based team development and coaching services primarily targeting organizations and individuals in the Baden bei Wien region. The website content is minimal and outdated, relying on framesets and lacking modern web design and mobile optimization. Technically, the site is hosted on Apache with PleskLin and uses easyname.eu as the hosting provider. However, the absence of HTTPS and modern security headers significantly weakens its security posture. No privacy or cookie policies are present, and no contact or incident response information is provided, which impacts trust and compliance negatively. Overall, the website presents a low level of digital maturity and security readiness.

O

Online Marketing & Webdesign Agentur Wien | SLIDEBIRD

slidebird.com

37

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 27 security findings identified across all modules.

T

TGW Logistics GmbH

tgw-group.com

38

TGW Logistics GmbH is a foundation-owned global leader in warehouse automation and logistics solutions headquartered in Austria. The company offers comprehensive end-to-end automated systems, software, and services tailored to industries such as fashion, grocery, industrial goods, and consumer goods. With over 4,500 employees worldwide and a strong market presence, TGW Logistics supports business growth through innovative technology and customer-centric solutions. The website reflects a professional and consistent brand image with extensive customer success stories and detailed service offerings. Technically, the site is built on TYPO3 CMS with responsive design and uses Google Tag Manager for analytics. However, the absence of a valid SSL certificate and lack of security headers significantly weaken the security posture. Privacy policies and cookie consent mechanisms are present, indicating basic GDPR compliance. Overall, the site is content-rich and credible but requires urgent improvements in security infrastructure to protect user data and enhance trust.

Silicon Austria Labs GmbH is a leading Austrian research center specializing in electronics-based systems, focusing on innovative technologies for a sustainable, smart, and connected future. The organization operates multiple locations in Austria and offers research projects, cooperation models, and R&D services, positioning itself as a key player in the technology research sector. The website reflects a professional and consistent brand image with clear communication of services and partnership opportunities. Technically, the site is built on TYPO3 CMS and integrates modern marketing and analytics tools such as Google Tag Manager and LinkedIn Insight Tag. However, the absence of HTTPS/SSL is a critical security flaw that undermines the site's security posture. Security headers are partially implemented, but the lack of encryption exposes users to risks. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and clear privacy policy. Business credibility is supported by certifications and transparent contact information. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

B

Bergner Group

bergnerhome.com

36

Bergner Group is a well-established homeware solutions provider founded in 1999, offering a broad range of kitchenware and home products under multiple brands. The company targets consumers and retail partners globally, emphasizing innovation, quality, and comprehensive business support services. The website reflects a professional and consistent brand image with strong content relevance and user experience. Technically, the site uses modern JavaScript libraries and tracking tools but lacks a valid SSL certificate, which significantly impacts its security posture. Privacy and cookie policies are present and GDPR compliant, but direct contact details like emails or phone numbers are not explicitly provided. The WHOIS data aligns well with the business claims, supporting domain legitimacy. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

P

panagenda

panagenda.com

40

panagenda is a technology company specializing in analysis and optimization of IT collaboration landscapes, focusing on Microsoft 365 and HCL Notes/Domino environments. Their offerings include software products like OfficeExpert TrueDEM and MarvelClient, alongside consulting and diagnostic services aimed at improving digital experience and reducing operational costs. The company targets IT professionals and enterprises seeking enhanced collaboration and user experience monitoring solutions. Technically, the website is built on WordPress with a modern tech stack including PHP 8, Apache, and various analytics and marketing tools. SEO and content quality are good, with structured data and comprehensive resource hubs. However, the security posture is weak due to the absence of a valid SSL certificate and disabled TLS protocols, which critically undermines secure communications. Privacy compliance is well addressed with GDPR-aligned policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

voestalpine BÖHLER Edelstahl GmbH & Co KG is a leading manufacturer of special high-performance steels serving advanced industrial sectors including aerospace, automotive, and oil & gas. The company operates a state-of-the-art steel plant with a focus on innovation, quality, and environmental standards. The website reflects a mature digital presence with multilingual support, detailed product and application information, and strong branding aligned with its parent company voestalpine AG. Technically, the site is built on WordPress with modern plugins for SEO, multilingual content, and user interaction. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is well addressed with comprehensive policies and cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

software4production GmbH is a specialized provider of innovative factory software solutions focused on Industry 4.0 and automation for medium-sized manufacturing enterprises. Their offerings include advanced manufacturing execution systems (MES), production planning and scheduling (PPS), and modules for data acquisition and intralogistics, all built on a robust Java/Jakarta IT architecture. The company holds a strong market position, evidenced by multiple industry awards and a comprehensive portfolio of services including consulting, training, and support. Technically, the website is built using modern frameworks such as Nuxt.js and Vue.js, hosted on infrastructure associated with udag.de. While the site demonstrates good design and navigation, it lacks a valid SSL certificate and proper HTTPS implementation, which is a significant security concern. Performance metrics are not available, indicating potential areas for improvement in loading speed and optimization. From a security perspective, the absence of HTTPS and modern TLS protocols, along with missing advanced security features like OCSP stapling and session resumption, lowers the site's security posture. However, the presence of some security headers and a comprehensive privacy policy indicates a baseline commitment to security and compliance. Overall, the website is professional and trustworthy in content and business representation but requires urgent security enhancements to protect user data and improve trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and implementing cookie consent mechanisms to enhance privacy compliance.

Grammatix is a small-scale cultural and artistic photography website based in Germany, focusing on exhibitions, projects, and published books related to regions such as Nepal, Tibet, and Kashmir. The site is built on WordPress and uses common plugins like Yoast SEO and Flash Album Gallery to manage content and galleries. While the website offers good content quality and navigation, it lacks modern security measures such as HTTPS, exposing visitors to potential risks. Privacy compliance is minimal, with no visible privacy or cookie policies, and contact information is limited to a contact form without explicit emails or phone numbers. The domain registration is consistent and transparent, but the absence of domain protection locks is a minor security concern. Overall, the site is functional but requires significant improvements in security and privacy to meet modern standards.

A

Aldine ISD

aldineisd.org

37

Aldine ISD is a large, mature public school district based in Houston, Texas, providing a wide range of educational services and resources to students, parents, employees, and the community. The website is professionally designed with clear navigation, comprehensive content, and strong branding consistency. It serves as a central hub for district news, academic programs, employment opportunities, and community engagement. Technically, the site is built on WordPress with modern libraries and plugins, hosted on a reputable platform (WP Engine) and uses Cloudflare for CDN and caching. However, the absence of a valid SSL certificate and HTTPS support is a critical security concern that significantly impacts the site's security posture. Privacy compliance is basic, with a privacy policy present but no visible cookie consent mechanism. Overall, the site is trustworthy and authoritative but requires urgent security improvements.

M

Mayer & Co Beschläge GmbH

maco.at

35

Mayer & Co Beschläge GmbH operates the website maco.at, presenting itself as a leading manufacturer of window, door, and sliding door hardware, including intelligent sensor solutions for smart homes. The company targets B2B customers such as manufacturers and distributors, offering a comprehensive portfolio of products and digital services including partner portals and technical support. The website is professionally designed, multilingual, and rich in content, reflecting a mature digital presence. Technically, the site uses Kentico CMS, jQuery, and integrates Matomo analytics with a consent-based tracking approach, demonstrating a commitment to privacy compliance. However, a critical security gap exists as the maco.at domain lacks a valid SSL certificate and HTTPS support, exposing users to potential risks. The site includes comprehensive privacy and cookie policies, terms of service, and clear contact information, enhancing business credibility. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and maintain compliance.

C

Consulting und Unternehmensberatung in Österreich - SHS

shs.at

20

SHS is a well-established consulting firm based in Austria, specializing in process consulting, change management, and organizational excellence. With over 28 years of experience, SHS serves leading companies domestically and internationally and holds a strong market position supported by multiple industry awards and recognitions. The website reflects a professional business model focused on delivering tailored consulting services to demanding clients. Technically, the website is built on WordPress with modern SEO and cookie consent tools, but lacks HTTPS encryption, which is a significant security concern. The absence of SSL/TLS undermines the security posture despite the presence of privacy policies and consent mechanisms. Overall, the site is content-rich and professionally presented but requires urgent security improvements to protect user data and enhance trust.

G

Grupo SM

grupo-sm.com

39

Grupo SM is a large international educational group with a strong presence in Spanish and Portuguese speaking countries. The company operates through multiple subsidiaries and foundations offering educational publishing and related services. The website is built on Drupal 7 and hosted behind Cloudflare, but lacks a valid SSL certificate, resulting in no HTTPS support. The site includes comprehensive privacy and cookie policies with consent mechanisms, reflecting good privacy compliance practices. Social media presence is active and consistent with the brand. However, the absence of direct contact information and security policies such as incident response or vulnerability disclosure reduces transparency. The overall security posture is weak due to missing SSL/TLS and modern security headers, which poses risks to user data confidentiality and trust. Performance metrics are not available, indicating potential issues with site speed or monitoring. Strategic improvements in security infrastructure and contact transparency are recommended to enhance trust and compliance.

S

Spoon

spoon.se

36

Spoon is a well-established Swedish communications agency specializing in strategic and creative marketing services including storytelling, video production, and social media management. The company has a mature market presence with over 26 years of operation and is part of a larger agency network, People People People, enhancing its regional reach. The website reflects a professional and modern digital presence built on WordPress, with good SEO and user experience design. However, the lack of a valid SSL certificate and HTTPS implementation is a critical security gap that undermines user trust and data protection. Cookie consent is managed effectively via Cookiebot, but no privacy policy or terms of service pages were found, indicating compliance gaps. Contact information is clearly provided, supporting business credibility. Overall, the site is functional and professional but requires urgent security improvements to meet modern standards.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 12 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

S

StepChange Consulting GmbH

stepchange.com

34

StepChange Consulting GmbH is a specialized management consultancy based in Austria, focusing on the forestry, wood, pulp, paper, packaging, and tissue industries. The company offers a broad range of consulting services including strategy development, operational improvements, turnaround management, mergers and acquisitions, supply chain transformation, and digitalization. Their market position is that of an independent, industry-focused consultancy with a strong emphasis on delivering measurable business results through an experienced international team. Technically, the website is built on the Tilda CMS platform, utilizing nginx as the web server and jQuery for client-side scripting. The site is mobile optimized with good navigation and professional design. However, performance metrics are not available, and accessibility features are basic. From a security perspective, the website lacks HTTPS, which is a critical vulnerability. No SSL/TLS certificate is installed, and no modern security headers beyond X-Frame-Options are present. There is no evidence of privacy or cookie policies, nor incident response or security policies published. This exposes users to risks and reduces trustworthiness. Overall, the website presents a professional business front but suffers from significant security and privacy compliance gaps. Immediate attention to SSL/TLS implementation and privacy policy publication is recommended to improve security posture and user trust.

The website for einstein.br, representing Hospital Israelita Albert Einstein, is currently inaccessible due to a Web Application Firewall (WAF) or security mechanism blocking access. The page returns an 'Access Denied' message with minimal HTML content, preventing extraction of meaningful metadata, business information, or contact details. The DNS configuration indicates the use of Akamai CDN services and multiple mail servers, consistent with a large healthcare organization in Brazil. However, the SSL/TLS configuration is severely lacking, with no valid certificate or modern TLS protocols enabled, exposing the site to security risks. Overall, the website's digital presence is hindered by these security and accessibility issues, limiting user trust and engagement.

The website rosendahlaustria.com currently returns an HTTP 404 Not Found error with no accessible content, indicating it is either inactive or under construction. The domain is registered with valid DNS A and MX records, but no SSL certificate is installed, and the site is served over unencrypted HTTP. There are no privacy, cookie, or terms of service policies, nor any contact or business information available on the site. Technically, the site uses Microsoft-HTTPAPI/2.0 as the server software but lacks modern web technologies or frameworks. Security posture is poor due to the absence of HTTPS, security headers, and other best practices. Overall, the site has very low trustworthiness and business credibility due to lack of content and security features.

R

Roland Spedition GmbH

rolsped.com

37

Roland Spedition GmbH is a well-established Austrian logistics company specializing in combined rail and intermodal transport services. With over 26 years of domain presence, the company positions itself as a leader in hinterland traffic within Austria, offering a comprehensive range of services including operating, trucking, intermodal solutions, and additional services such as customs clearance and hazardous goods transport. The website content is professionally presented in German, targeting businesses requiring efficient and climate-friendly freight transport solutions. Technically, the site is built on WordPress with common industry-standard libraries and plugins, but suffers from a lack of proper SSL/TLS configuration, which significantly impacts its security posture. The company maintains clear contact information and implements cookie consent mechanisms, reflecting basic GDPR compliance. However, no explicit security or incident response policies are published, and no vulnerability disclosure or security.txt files are found.

H

Hotel Pfefferkorn

pfefferkorns.net

25

Hotel Pfefferkorn is a luxury hospitality provider located in Lech am Arlberg, Austria, offering premium accommodations, wellness, and dining experiences. The business is well positioned in the alpine tourism market with recognized culinary certifications such as Michelin, Falstaff, and Gault Millau. The website is professionally designed using WordPress with multilingual support and SEO optimization. However, the absence of a valid SSL certificate and HTTPS implementation represents a critical security vulnerability that undermines user trust and data protection. Cookie consent mechanisms and a comprehensive privacy policy demonstrate good privacy compliance. Contact information is clearly presented, supporting business credibility. Overall, the site reflects a mature hospitality business with room for improvement in security infrastructure.

S

Scheer IMC

im-c.com

40

Scheer IMC is a well-established enterprise learning company specializing in scalable LMS solutions, automated eLearning content creation, and custom learning experiences. The company serves large global brands and has a strong market position supported by extensive client references and industry awards. Technically, the website is built on WordPress and uses modern JavaScript libraries and Cloudflare CDN for hosting and performance. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines trust and exposes users to risks. Privacy compliance is well addressed with Cookiebot and a comprehensive privacy policy. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements.

B

Bohmann Druck und Verlag GmbH

bohmann.at

21

Bohmann Druck und Verlag GmbH is a well-established Austrian media company with an 80-year history, specializing in official and municipal publications such as the Amtsblatt der Stadt Wien and the Österreichische Gemeinde Zeitung. The company targets municipal decision makers and businesses, positioning itself as one of Austria's largest private communication firms. Their business model centers on publishing and communication services with a medium-sized operational scale. Technically, the website is built on an Apache server, likely using TYPO3 CMS with Bootstrap and jQuery for frontend components. Hosting is provided by A1 Telekom Austria. The site includes Google Fonts and uses Matomo and Google Analytics for visitor tracking, with a cookie consent mechanism in place. However, performance metrics are unavailable, and mobile optimization is basic. From a security perspective, the website lacks HTTPS, which is a critical vulnerability. No SSL certificate is installed, and no modern security headers are present. While no known SSL vulnerabilities or exposed sensitive data were detected, the absence of HTTPS severely impacts the security posture. Privacy and cookie policies exist and appear GDPR compliant, but no incident response or security policies are publicly disclosed. Overall, the website is functional with good content relevance and moderate trustworthiness but requires urgent security improvements, especially the implementation of HTTPS and enhanced security headers, to protect user data and improve compliance.

W

Wenatex Das Schlafsystem GmbH

wenatex.com

37

Wenatex Das Schlafsystem GmbH is a medium-sized Austrian company specializing in ergonomic sleep systems, including mattresses, slatted frames, pillows, and bedding accessories. With over 30 years of experience, the company emphasizes quality, innovation, and personalized customer consultation, positioning itself as a trusted brand in the sleep product retail and manufacturing sector. The website reflects a mature digital presence with modern technologies such as Nuxt.js and AWS hosting, providing a rich user experience with multimedia content and clear navigation. However, the absence of a valid SSL certificate significantly undermines the security posture, exposing users to potential risks. While privacy and cookie policies are present and GDPR compliant, the lack of explicit security policies and incident response information suggests room for improvement in security governance. Overall, the website is professional and trustworthy but requires urgent security enhancements to protect user data and maintain credibility.

Titan Machinery is a large, established full-service dealer specializing in agriculture and construction equipment, operating over 100 dealerships across multiple countries. The company offers new and used equipment sales, rentals, parts, service, and financing solutions, representing major CNH Industrial brands. The website is professionally designed using modern technologies such as ASP.NET and Vue.js, hosted behind Cloudflare for performance and security. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS, exposing users to potential risks. Privacy and cookie policies are present but basic, and no direct contact information is visible on the homepage. Social media presence is strong, supporting brand trust. The domain is mature and well-protected, indicating a legitimate business. Overall, the website demonstrates good business credibility and technical implementation but requires urgent security improvements.

F

Fellner Wratzfeld & Partner Rechtsanwälte GmbH

fwp.at

27

Fellner Wratzfeld & Partner Rechtsanwälte GmbH is a leading Austrian law firm with over 130 highly qualified professionals. The firm offers a broad range of legal services including corporate law, banking and finance, compliance, ESG, real estate, and dispute resolution. It holds a strong market position supported by multiple industry awards and recognitions such as EMEA Top Tier Firm 2025 and IFLR1000 2024. The website is professionally designed, content-rich, and targets businesses and individuals seeking legal expertise in Austria and related sectors. Technically, the site runs on an Apache Ubuntu server with Bootstrap and Google Tag Manager integration, but suffers from slow performance and lacks a valid SSL certificate, which impacts its security posture. Privacy compliance is well addressed with GDPR-compliant policies and cookie consent mechanisms. The security posture is basic, with no HTTPS enabled and missing key security headers, exposing the site to potential risks. Overall, the site is trustworthy and professional but requires urgent improvements in SSL/TLS configuration and security best practices to enhance user trust and data protection.

A

Agentur XY GmbH

xy.de

21

Agentur XY GmbH is a creative agency and production house based in Berlin, Germany, founded in 2018. The company specializes in delivering bold advertising campaigns and production services for global brands, including notable clients such as Netflix, Stepstone, and Playmobil. The website reflects a professional and consistent brand image with rich multimedia content and active social media presence. Technically, the site is built on WordPress with modern libraries and SEO optimizations, but lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Security headers are partially implemented, but the absence of TLS protocols and domain security features like DNSSEC and DMARC reduce the overall security posture. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or detailed GDPR compliance indicators. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

V

Vienna House: Home

vi-hotels.com

40

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 27 security findings identified across all modules.

GE Vernova is a leading global energy technology company focused on accelerating the transition to reliable, affordable, and sustainable energy. The company offers a broad portfolio of energy generation and electrification technologies including gas, hydro, nuclear, steam power, wind power, and advanced electrification software and services. Their market position is strong, supported by a large global workforce and extensive technology base that contributes significantly to global electricity generation. The website reflects a professional and comprehensive digital presence with detailed business, investor, and sustainability information targeted at industry stakeholders, investors, partners, and potential employees. Technically, the site is built on Drupal 10, uses Cloudflare CDN, and integrates modern analytics and marketing tools. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS enforcement, which significantly impacts the security posture. Privacy and cookie policies are present and appear compliant with GDPR standards. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

Advance International Media Limited operates as a media planning and advertising agency focused on placing brands across influential media titles internationally. The company offers services including digital planning and advertising, programmatic advertising, content marketing, and print advertising. Their market position is that of a small, specialized media agency with a presence primarily in the UK and partnerships across Europe. The website content is professionally presented with good navigation and relevant business information targeting brands and advertisers seeking international media exposure. Technically, the website is built on WordPress using common libraries such as jQuery and Slick Carousel, hosted on 1&1 IONOS DNS infrastructure. However, the site lacks HTTPS, which is a critical security shortfall. Security headers are minimal and no advanced security policies or incident response contacts are disclosed. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Overall, the website demonstrates moderate business credibility but requires significant improvements in security and privacy compliance to meet modern standards.

Meusburger Georg GmbH & Co KG is a market leader in manufacturing high-precision standard parts, serving global customers in mould, die, and jig & fixture construction. The company offers a comprehensive product portfolio including standard parts, workshop equipment, hot runner systems, and control systems. Their website reflects a mature digital presence with extensive product categorization and multi-language support. However, the absence of a valid SSL/TLS certificate significantly impacts the security posture, exposing users to potential risks. Security headers are well configured, but the lack of HTTPS is a critical vulnerability. Privacy compliance is moderate with a privacy policy present but no visible cookie consent mechanism. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

T

Tyromotion GmbH

tyromotion.com

29

Tyromotion GmbH is a medium-sized Austrian company specializing in the development and manufacture of advanced technology-driven rehabilitation and therapy devices, targeting healthcare professionals and patients globally. The company holds a strong market position as a leading innovator in robotic-assisted rehabilitation solutions and patient management software. Their website reflects a professional and comprehensive digital presence, showcasing detailed product information, customer references, and active engagement through social media and newsletters. Technically, the site is built on WordPress with modern SEO and multilingual support, but suffers from slow performance and lacks a valid SSL certificate, which critically impacts security and user trust. Security headers are partially implemented, but the absence of HTTPS and TLS protocols is a significant vulnerability. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and maintain trust.

A

Activision Publishing

treyarch.com

40

Treyarch.com is the official website of Treyarch Studios, a renowned video game developer known for the Call of Duty Black Ops series. The site is professionally designed, targeting gamers and industry professionals, and showcases the company's history, culture, and game portfolio. It operates under the parent company Activision Publishing, reflecting a strong market position in the gaming industry. Technically, the site uses Adobe Experience Manager CMS, hosted via Akamai, and integrates modern marketing and analytics tools such as Google Tag Manager and Adobe Launch. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS support, which is a critical issue for user trust and data protection. Privacy and cookie policies are comprehensive and GDPR compliant, linked through the parent company domain. Overall, the site is content-rich and trustworthy but requires urgent security improvements.

E

easybank

easybank.at

39

easybank is a leading direct bank in Austria, offering a comprehensive range of financial services including personal and business accounts, loans, credit cards, savings, and investment products. The website reflects a mature digital presence with a focus on user experience, mobile optimization, and clear navigation. The business is well-positioned in the Austrian banking sector, supported by its parent company BAWAG Group and subsidiaries such as easyleasing.at. Technically, the site uses CoreMedia CMS and integrates modern marketing and analytics tools like Adobe and Google Tag Manager, alongside a consent management platform for privacy compliance. However, the website suffers from a critical security deficiency: it lacks a valid SSL certificate and does not support HTTPS, exposing users to significant risks. Security headers and modern TLS protocols are also absent, which undermines the overall security posture. Privacy policies and cookie consent mechanisms are well implemented, indicating good compliance with GDPR. Overall, while the business and content quality are excellent, the security shortcomings significantly impact the risk profile and trustworthiness of the site.

G

GE HealthCare

gehealthcare.com

40

GE HealthCare is a leading enterprise in the healthcare technology sector, specializing in precision health solutions including imaging systems, ultrasound, patient care, pharmaceutical imaging agents, and digital healthcare solutions. The company targets healthcare providers and clinicians, offering integrated technologies to improve patient outcomes and operational efficiency. The website reflects a mature, well-established business with a strong market position and comprehensive service offerings. Technically, the website is built on a modern stack including React and Sitecore CMS, with extensive use of analytics and marketing tools such as Google Tag Manager, Adobe Marketing Cloud, and New Relic. The site is well-optimized for mobile and accessibility, though performance is moderate due to large page size and resource count. Security posture is a concern due to the absence of a valid SSL certificate and lack of HTTPS support, which is a critical issue. Other security best practices like HSTS and OCSP stapling are also missing. The domain is mature and registered consistently with the business claims, enhancing trustworthiness. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include implementing HTTPS, enabling modern TLS protocols, and improving security headers and mechanisms.

A

AFFiRiS AG

affiris.com

27

AFFiRiS AG is a clinical-stage biopharmaceutical company based in Austria, specializing in the development of novel immunotherapies for chronic diseases such as neurodegenerative disorders and hypercholesterolemia. The company leverages its proprietary AFFITOME® technology to create Specific Active ImmunoTherapies (SAIT) aimed at improving patient outcomes beyond current treatment options. The website presents a professional and well-structured digital presence targeting patients, investors, and healthcare professionals, with clear business and contact information. However, the absence of a valid SSL certificate and HTTPS implementation represents a significant security risk that undermines user trust and data protection. The site uses WordPress CMS with common plugins and libraries, but performance metrics indicate slow loading times, suggesting room for technical optimization. Privacy compliance is addressed through a cookie consent banner and a privacy policy, though terms of service and explicit security policies are not evident. Overall, AFFiRiS demonstrates a credible business profile with a need to urgently improve its security posture to protect visitors and comply with best practices.

B

Bauer Media Group

bauermedia.co.uk

26

Bauer Media Group is a well-established UK-based media company operating across multiple sectors including audio broadcasting, publishing, and advertising services. The company targets a broad UK adult audience and maintains a strong market position with a portfolio of iconic brands. The website reflects a mature digital presence with comprehensive content, structured data, and good SEO practices. However, the technical infrastructure shows critical security gaps, notably the absence of a valid SSL/TLS certificate and lack of HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed through external policies and a consent management platform. Overall, the business credibility is strong, but the security weaknesses pose risks that should be urgently addressed.

V

Vienna Insurance Group

vig.com

40

Vienna Insurance Group (VIG) is a leading insurance group in Central and Eastern Europe, operating through over 50 insurance companies and pension funds across 30 countries with approximately 30,000 employees. The website reflects a mature, enterprise-level business with a strong market position and comprehensive service offerings in insurance and reinsurance. The digital infrastructure is modern, leveraging JavaScript frameworks and a CMS (Umbraco), with good content quality and user experience. However, the security posture is weakened by the absence of a valid SSL certificate and lack of TLS protocol support, which is a critical vulnerability for a financial services website. Privacy and cookie policies are well implemented and GDPR compliant, supporting regulatory adherence. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent remediation of SSL/TLS issues to ensure secure communications.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 10 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 7 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

B

biocrates life sciences ag

biocrates.com

40

biocrates life sciences ag is a well-established company specializing in quantitative metabolomics kits and services, serving a global scientific and research audience. Their offerings include metabolomics phenotyping, data analysis, pathway analysis, and multiomics data services, supported by a strong community and certified laboratories. The website is professionally designed with comprehensive content and clear navigation, targeting researchers and institutions in healthcare and biotechnology sectors. Technically, the site runs on WordPress with the Divi theme and integrates modern analytics and cookie consent tools, but lacks a valid SSL certificate, which is a critical security gap. Security headers are partially implemented, but the absence of HTTPS and modern TLS protocols significantly lowers the security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business credibility is high, supported by consistent WHOIS data and trust indicators such as testimonials and certifications. Strategic improvements in SSL deployment and security hardening are recommended to enhance trust and compliance.

A

Attention Required! | Cloudflare

kiska.com

30

The website kiska.com is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) blocking the visitor. The accessible content is limited to a Cloudflare challenge page indicating that the visitor has been blocked due to triggering security rules. As a result, no business content, metadata, or contact information is available for analysis. The DNS records show that the domain uses Cloudflare for DNS and mail services, but the SSL/TLS configuration is invalid or missing, resulting in no HTTPS support. This significantly impacts the security posture and trustworthiness of the site. Overall, the site lacks visible privacy, cookie, or terms of service policies, and no forms or business contact details are present. The site’s technical infrastructure relies heavily on Cloudflare, but the current blocking status prevents a full assessment of the business or technical maturity.