Security Directory

A

Akzo Nobel N.V.

international-marine.com

61

International Marine, a division of Akzo Nobel N.V., operates a comprehensive website focused on marine coatings and performance solutions for vessels worldwide. The company positions itself as a global leader in marine coatings, offering specialized products and digital compliance solutions tailored to various vessel types and shipyard operations. The website reflects a B2B business model targeting marine industry professionals and ship operators, supported by strong corporate branding and a consistent user experience. Technically, the site is built on Adobe Experience Manager with React components and integrates modern marketing and analytics tools such as Google Tag Manager and OneTrust for cookie consent management. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of TLS protocol support, which severely impacts its security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates good content quality and business credibility but requires urgent improvements in security infrastructure to protect user data and maintain trust.

A

A1 Startup Campus

a1startup.net

65

A1 Startup Campus is a medium-sized startup accelerator affiliated with the A1 Group, focused on supporting startups in technology, digital services, cybersecurity, education, and sustainability sectors. The website is professionally designed using WordPress with multilingual support and integrates modern technologies such as Vimeo for video content and Google Tag Manager for analytics. The site demonstrates good SEO and mobile optimization, providing clear navigation and relevant business content. Security posture is adequate with HTTPS and valid SSL certificates, though improvements are recommended in DNS security and HTTP security headers. Privacy compliance is strong with a GDPR-compliant cookie consent mechanism and detailed cookie categorization. Contact is primarily via email, with no phone numbers or physical addresses explicitly provided. Overall, the site is trustworthy and well-positioned as a startup support platform within the telecommunications and technology industry.

A

Austrian Business Agency

investinaustria.at

40

The Austrian Business Agency operates the website investinaustria.at to promote Austria as a prime investment destination. It provides comprehensive information and free consulting services to international investors and companies interested in establishing or expanding their business in Austria. The agency emphasizes Austria's innovation, research capabilities, skilled workforce, and stable economic environment. Technically, the website is built on modern frameworks including TYPO3 CMS and Nuxt.js, hosted behind Cloudflare for performance and security. The SSL certificate is valid but lacks advanced HTTPS security headers like HSTS. Privacy compliance is partially addressed with a clear privacy policy but lacks a cookie consent mechanism. Contact information and social media presence are well established, enhancing business credibility. Overall, the site is professional, content-rich, and user-friendly, suitable for its government agency role.

D

Deka Investments

deka-investments.de

40

Deka Investments is a prominent German asset management company offering professional investment and retirement solutions primarily targeting private customers. The website reflects a strong market position with comprehensive services including funds, certificates, savings plans, and wealth management, supported by multiple industry awards and a close affiliation with the Sparkassen-Finanzgruppe. The digital infrastructure leverages modern JavaScript frameworks such as Vue.js and integrates analytics and marketing tools like Google Tag Manager and eGain Chat, providing a good user experience with clear navigation and mobile optimization. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, which is a critical issue for a financial services website. Privacy and cookie policies are well implemented with GDPR compliance and consent mechanisms in place. Contact information is clearly presented with multiple channels including phone, contact forms, and chat. Overall, the website is professional and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure communications and maintain user trust.

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 13 security findings identified across all modules.

N

Next Big Idea Club

nextbigideaclub.com

49

Next Big Idea Club operates as a subscription-based nonfiction book club curated by renowned authors, targeting readers and professionals seeking curated knowledge. The platform offers physical book deliveries, digital content via a mobile app, and exclusive community engagement opportunities. Technically, the site is built on WordPress, hosted on AWS infrastructure, and integrates multiple marketing and analytics tools such as Mixpanel, Google Tag Manager, and ProfitWell. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, representing a critical security vulnerability. The absence of a cookie consent mechanism and minimal security headers further weaken its security posture. Business credibility is supported by strong branding, testimonials, and social media presence, but privacy compliance could be improved. Overall, the site provides good content and user experience but requires urgent security enhancements.

N

NoStress Commerce s.r.o.

nostresscommerce.cz

40

Koongo, operated by NoStress Commerce s.r.o., is a mature SaaS platform specializing in product feed management and marketplace integrations for e-commerce sellers. The company offers extensive integrations with over 500 sales channels and supports numerous e-commerce platforms, positioning itself as a comprehensive solution for online sellers seeking to expand their marketplace presence. The website content is professionally designed, rich in detail, and targets online sellers and businesses requiring automated order and inventory synchronization. Technically, the site is built on WordPress with a modern tech stack including jQuery, Google Analytics, and Intercom, hosted on Forpsi infrastructure. However, the absence of a valid SSL certificate and lack of TLS protocol support represent critical security weaknesses. While security headers and content security policies are partially implemented, the site’s security posture is significantly impacted by the missing HTTPS, which is a fundamental requirement for secure web operations. Privacy compliance is well addressed with clear privacy and cookie policies, consent mechanisms, and GDPR alignment. Overall, the site demonstrates strong business credibility and user experience but requires urgent security improvements to protect user data and maintain trust.

F

Frequency

frequency.xyz

69

Frequency.xyz is a technology-focused website branded as "Frequency" with the tagline "Welcome to the People's Internet." The site appears to be a simple single-page application built with modern JavaScript frameworks, specifically SvelteKit, and hosted on GitHub Pages. It targets a technology-savvy audience interested in internet and privacy-related topics, though explicit business model details and market positioning are not provided. The site uses Matomo analytics and Klaro for cookie consent management, indicating a moderate level of privacy awareness. From a technical perspective, the website employs a modern tech stack with JavaScript and SvelteKit, and it is hosted on a reliable platform (GitHub Pages). Performance is fast with minimal resources loaded, but mobile optimization and accessibility are basic. SEO metadata is present but limited to Open Graph tags without structured data. The SSL certificate is valid but lacks advanced security features such as HSTS. Security posture is adequate with HTTPS enabled and no detected vulnerable cipher suites or subdomain takeover risks. However, the absence of security headers like HSTS and Content-Security-Policy reduces the overall security robustness. No privacy policy, terms of service, or contact information is provided, which impacts compliance and trust. Cookie consent is implemented properly via Klaro, requiring user consent before tracking. Overall, the website is functional and moderately secure but lacks comprehensive privacy and business transparency documentation. Strategic improvements in security headers, privacy disclosures, and contact information would enhance trust and compliance.

L

L-Bank

l-bank.info

40

L-Bank is the state development bank of Baden-Württemberg, Germany, providing financial support and services to businesses, municipalities, and individuals within the region. The bank focuses on economic development, housing promotion, family support, education, and social initiatives. It holds a strong market position as a regional government-backed financial institution with a history dating back to 1924. The website reflects a mature digital presence with modern technologies such as Vue.js and Hippo CMS, delivering excellent user experience and accessibility. Security posture is robust with HTTPS, comprehensive security headers, and cookie consent mechanisms, although some improvements like OCSP stapling and HSTS preload could enhance security further. Privacy compliance is well addressed with clear policies and consent management. Overall, the site demonstrates high professionalism, trustworthiness, and business credibility.

S

Sparkasse Saarbrücken

sparkasse-saarbruecken.de

40

Sparkasse Saarbrücken operates as a regional financial institution providing a broad range of banking and financial services to private and business customers. The website offers comprehensive online banking, credit products, investment options, insurance, and real estate services, positioning itself as a trusted and award-winning bank in Germany. The digital presence is well-structured, targeting both private and corporate clients with clear navigation and service offerings. Technically, the site uses modern web technologies and likely a robust CMS platform, delivering a good user experience with mobile optimization and accessibility features. Security posture is strong with HTTPS, SPF, and DMARC policies in place, though improvements such as DNSSEC and HSTS could enhance protection. Privacy compliance is well addressed with explicit cookie consent and detailed privacy policies. Overall, the website reflects a mature digital infrastructure supporting a large financial institution with a high level of professionalism and trust.

K

Koongo

koongo.dk

40

Koongo is a Danish-based SaaS company specializing in product feed management and multi-channel marketplace integration for online sellers. The platform supports over 500 sales channels including Amazon, eBay, and Google Shopping, enabling sellers to synchronize product data and orders automatically. Koongo positions itself as a cost-effective and user-friendly solution with extensive e-commerce platform integrations and a strong customer support reputation. The website is professionally designed, multilingual, and includes comprehensive business and contact information. Technically, the site is built on WordPress with modern JavaScript libraries and analytics tools, but suffers from a critical lack of valid SSL/TLS configuration, exposing it to security risks. Security headers are partially implemented, and privacy compliance is well addressed with cookie consent mechanisms and a detailed privacy policy. Overall, Koongo demonstrates a mature digital presence but must urgently address SSL issues to improve security posture and trust.

K

Koongo

koongo.gr

40

Koongo is a medium-sized e-commerce SaaS provider specializing in product feed management and marketplace integration, enabling online sellers to automate synchronization of product data and orders across multiple sales channels. The company is positioned as a trusted provider with a comprehensive service offering, including integrations with major marketplaces like Amazon and eBay, and supports over 500 sales channels. Technically, the website is built on WordPress with modern analytics and marketing tools, but lacks a valid SSL certificate, which impacts security posture significantly. Security headers and cookie consent mechanisms are properly implemented, reflecting good privacy compliance. However, the absence of HTTPS and modern TLS protocols is a critical vulnerability that must be addressed to improve trust and security. Overall, the site is content-rich, professionally designed, and provides clear business and contact information, supporting a positive user experience and business credibility.

K

Koongo

koongo.it

40

Koongo is a medium-sized e-commerce software company specializing in product feed management and marketplace integration services. Their platform enables online sellers to automate product listings, synchronize inventory and orders across multiple sales channels, and optimize marketplace operations. Positioned as a comprehensive solution provider, Koongo supports over 500 sales channels and integrates with major e-commerce platforms such as Shopify, Magento, WooCommerce, and others. The company is based in Prague, Czech Republic, and operates under the parent company NoStress Commerce s.r.o. Their website reflects a professional and consistent brand image with good content quality and user experience, targeting online sellers seeking multi-channel sales automation. Technically, the website is built on WordPress CMS with a modern tech stack including jQuery, Google Analytics, Intercom, and Bing Ads integrations. However, the site suffers from slow page load times and lacks a valid SSL certificate, which impacts security and user trust. Cookie consent mechanisms and privacy policies are well implemented, demonstrating GDPR compliance. The site uses multiple tracking and advertising tools, indicating extensive user tracking for marketing purposes. Security-wise, the absence of a valid SSL certificate and missing security headers are significant weaknesses. DNS security features like DNSSEC and CAA are not enabled, and email security via DMARC is missing. Despite these gaps, no critical vulnerabilities or malware indicators were found. The overall security posture is basic and requires urgent improvements to protect user data and enhance trust. In summary, Koongo presents a solid business offering with a mature digital presence but needs to address critical security deficiencies to improve its overall risk profile and user confidence. Strategic investments in SSL/TLS, security headers, and DNS/email security will elevate their security posture and compliance standing.

K

Koongo

koongo.es

40

Koongo is a SaaS platform specializing in product feed management and multi-channel marketplace integration for online sellers. The company offers extensive integrations with over 500 sales channels including Amazon, eBay, and Google Shopping, enabling sellers to synchronize inventory, automate order processing, and optimize product data. Positioned as a reliable and scalable solution, Koongo targets e-commerce businesses seeking to expand their online presence efficiently. The website is professionally designed with clear navigation and multilingual support, primarily in Spanish, and includes trust signals such as customer testimonials and third-party review badges. Technically, the site is built on WordPress with modern JavaScript libraries and integrates multiple analytics and marketing tools. However, the lack of a valid SSL certificate and HTTPS implementation is a critical security shortfall that undermines user trust and data protection. Privacy compliance is well addressed with comprehensive cookie consent mechanisms and a detailed privacy policy. Overall, Koongo demonstrates a solid business and technical foundation but requires urgent improvements in security infrastructure to meet industry standards.

K

Koongo

koongo.de

40

Koongo is a medium-sized e-commerce technology company specializing in product feed management and multi-channel marketplace integration. The company offers a SaaS platform that enables online sellers to synchronize product data, inventory, and orders across over 500 sales channels including Amazon, eBay, and Google Shopping. Koongo positions itself as a comprehensive solution provider with integrations to numerous e-commerce platforms such as Magento, Shopify, WooCommerce, and others. The website is professionally designed, content-rich, and targets e-commerce businesses seeking to expand their online sales footprint efficiently. Technically, the site is built on WordPress with a modern tech stack including jQuery, Google Analytics, and Intercom for customer engagement. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall that undermines user trust and data protection. The site implements a detailed cookie consent mechanism and complies with GDPR requirements, reflecting a strong privacy posture. Overall, Koongo demonstrates a solid market presence with good business credibility but requires urgent improvements in its security infrastructure to meet industry standards.

K

Koongo

koongo.nl

40

Koongo is a medium-sized e-commerce technology company based in the Netherlands, owned by NoStress Commerce s.r.o. It provides a SaaS platform for product feed management and order synchronization across over 500 online marketplaces including Amazon, eBay, and Google Shopping. The website is professionally designed, content-rich, and targets online sellers seeking to expand multi-channel sales efficiently. Technically, the site runs on WordPress with modern JavaScript libraries and integrates multiple analytics and marketing tools. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the business demonstrates strong market positioning and trust signals but must urgently address security shortcomings to protect user data and maintain credibility.

B

Bildungswerk der Sächsischen Wirtschaft

bsw-sachsen.de

40

Bildungswerk der Sächsischen Wirtschaft is a well-established educational organization focused on vocational training and professional development in the Saxony region of Germany. With over 30 years of experience and multiple subsidiaries, it offers a broad portfolio of services including further education, training seminars, and integration courses. The organization targets companies, employees, job seekers, and schools, positioning itself as a key regional player in workforce qualification and development. Technically, the website is built on TYPO3 CMS with modern frontend frameworks like Bootstrap and includes SEO-friendly structured data and social media integration. However, the site suffers from a critical security weakness due to the absence of a valid SSL certificate, resulting in an insecure connection and lack of HTTPS enforcement. Other security best practices such as security headers, DNSSEC, and DMARC are also missing. Privacy compliance is addressed with a cookie consent mechanism and clear privacy and cookie policies. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

E

Eurasia Group

eurasiagroup.net

64

Eurasia Group is a prominent global political risk consultancy headquartered in the United States with additional offices in Washington and London. The company specializes in providing political risk advisory, management consulting, thought leadership, speaking engagements, and event services to businesses and organizations navigating geopolitical uncertainties. Their market position is that of an established leader in the political risk and geopolitical analysis sector, supported by a strong digital presence and client engagement platforms. Technically, the website is built on a modern ASP.NET framework with extensive use of JavaScript libraries such as jQuery and UI components, hosted behind Cloudflare for performance and security. The site demonstrates good mobile optimization, fast loading times, and solid SEO practices. Integration with marketing and analytics tools like MailChimp, Hotjar, Facebook Pixel, and Twitter tracking indicates a mature digital marketing strategy. From a security perspective, the site employs HTTPS with TLS 1.3 and 1.2, uses secure and HttpOnly cookies, and has OCSP stapling enabled. However, it lacks some advanced security headers such as HSTS and Content-Security-Policy, which are recommended for enhanced protection. The site has well-defined privacy and cookie policies with consent mechanisms, indicating good privacy compliance. No critical vulnerabilities or exposed sensitive data were detected. Overall, Eurasia Group's website reflects a professional, secure, and privacy-conscious digital presence aligned with its business objectives. Strategic improvements in security headers and incident response transparency could further strengthen its security posture and trustworthiness.

C

Calls for Transfer

callsfortransfer.de

31

Calls for Transfer (C4T) is a specialized funding program based in Hamburg, Germany, designed to support innovative projects emerging from the city's state universities and scientific research institutions. The program offers up to 35,000 Euro in funding for a 12-month project period, aiming to facilitate the transfer of knowledge and technology from academia to practical applications. The website presents a professional and well-structured portal with clear navigation, targeting researchers and innovators in Hamburg. Technically, the site is built on WordPress with popular plugins such as Elementor and LayerSlider, but it suffers from critical security shortcomings including the absence of a valid SSL certificate and disabled TLS protocols, which significantly impact its security posture. Privacy compliance is well addressed with a cookie consent mechanism and links to privacy and terms of service hosted on the parent organization's domain. Overall, while the business and content aspects are strong, the lack of HTTPS and modern security configurations pose a significant risk that should be urgently addressed.

C

csad.cz

csad.cz

40

The website csad.cz appears to represent a transportation-related business, likely a bus or transport service based in the Czech Republic. However, the website content is extremely minimal, consisting only of a placeholder text with an IP address and no meaningful business or contact information. The technical infrastructure is outdated, running Apache 2.2.15 and PHP 5.6.11, with no SSL certificate installed, resulting in an unsecured HTTP-only site. There are no modern web technologies or CMS detected, and no performance or SEO optimizations are evident. Security posture is weak due to lack of HTTPS, missing security headers, and outdated software, exposing the site to potential risks. Privacy and compliance policies are absent, and no contact or incident response information is provided, limiting trust and credibility. Overall, the site is poorly maintained and lacks essential features for a professional online presence.

O

Ost-Ausschuss der Deutschen Wirtschaft e.V.

ost-ausschuss.de

40

The Ost-Ausschuss der Deutschen Wirtschaft e.V. is a medium-sized non-profit association based in Germany that facilitates economic cooperation and business relations between German companies and Eastern European and Central Asian markets. The organization provides services such as policy advocacy, networking events, delegations, and publishes relevant economic updates and reports. The website is professionally designed using Drupal 10 and integrates modern web technologies and analytics tools, targeting business stakeholders and policymakers. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which significantly weakens its security posture. Privacy and cookie policies are present and include consent mechanisms, reflecting good compliance with GDPR requirements. Contact information is clearly provided, enhancing business credibility.

B

Bundesverband der Deutschen Industrie e.V.

bdi.eu

40

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 21 security findings identified across all modules.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 9 security findings identified across all modules.

B

Big Bus Tours Ltd

bigbustours.com

54

Big Bus Tours Ltd operates as a leading global sightseeing bus tour provider, specializing in hop-on hop-off tours across major cities such as London, New York, and Paris. The company holds a strong market position as the largest operator of open-top sightseeing bus tours with over 30 years of service. Their business model focuses on tourism and travel services, offering additional experiences beyond bus tours to enhance customer engagement. The website reflects a professional and consistent brand presence targeting tourists worldwide. Technically, the website is built on Magento 2, leveraging modern web technologies including RequireJS, Google Tag Manager, and various marketing and analytics tools such as MoEngage and New Relic. Hosting and DNS services are provided by Cloudflare, ensuring global content delivery. While the site is mobile-optimized and SEO-friendly, performance metrics are not explicitly available. Accessibility is basic but functional. From a security perspective, the site implements several important HTTP security headers and a comprehensive Content Security Policy. However, a critical vulnerability is the absence of a valid SSL certificate and lack of TLS protocol support, severely impacting the security posture. This exposes users to risks and undermines trust. Privacy compliance is addressed with clear privacy and cookie policies, including consent mechanisms, but no explicit security or incident response policies are found. Overall, the website is functional and business credible but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, enhancing HSTS policies, and improving incident response readiness.

V

VPG Vienna PASS GmbH

viennapass.de

40

VPG Vienna PASS GmbH operates the Vienna Pass website, offering sightseeing passes for tourists visiting Vienna. The business provides two main products: the Vienna PASS with access to up to 90 attractions and the Flexi PASS with a flexible number of visits. The website is built on TYPO3 CMS and integrates modern marketing and payment technologies such as Google Tag Manager, Usercentrics for consent management, and Adyen for payments. The site demonstrates good content quality, clear navigation, and mobile optimization, targeting tourists and culture enthusiasts. However, the website suffers from critical security issues due to the absence of a valid SSL certificate and lack of HTTPS support, which significantly impacts its security posture and trustworthiness. Privacy and cookie policies are present and GDPR compliant, with active social media engagement and trust signals like Trustpilot and money-back guarantees enhancing business credibility.

W

WienTourismus

viennacitycard.at

40

The website viennacitycard.at serves as the official platform for the Vienna City Card, a tourism product offering public transport access and discounts in Vienna. It is operated by WienTourismus and targets tourists seeking convenient mobility and sightseeing benefits. The site features a modern TYPO3 CMS infrastructure with Alpine.js for interactivity, hosted behind Cloudflare. While the site is content-rich, well-branded, and professionally designed with good mobile optimization and accessibility, it suffers from a critical security issue: the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which significantly impacts the security posture. Privacy compliance is strong, with a clear privacy policy, cookie consent via Usercentrics, and GDPR adherence. The site integrates Matomo analytics and Google Tag Manager for tracking, balanced with user privacy controls. Overall, the site is trustworthy and professional but requires urgent SSL/TLS remediation to ensure secure user interactions.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 8 security findings identified across all modules.

O

ODAV AG - Lehrinstitut für Informatik

odav-lehrinstitut.de

40

ODAV AG - Lehrinstitut für Informatik is a well-established educational institution based in Straubing, Germany, specializing in IT training and professional development. With over 40 years of experience, it offers a variety of courses, firm seminars, and funding options targeting IT professionals and companies seeking to enhance digital competencies. The website reflects a professional and content-rich platform with clear navigation, testimonials, and detailed course information. Technically, the site uses Apache server, jQuery, Bootstrap, and a proprietary ODAV CMS, with Matomo analytics integrated under cookie consent management. However, the absence of a valid SSL certificate and lack of HTTPS support significantly weaken its security posture. Security headers are partially implemented, but critical improvements are needed to ensure secure communications and compliance. Overall, the site is trustworthy and user-friendly but requires urgent security enhancements to protect user data and improve trust.

M

Madri Lab

madrilab.com.br

40

Madri Lab is a Brazilian company specializing in multimedia services with a strong focus on educational technology, particularly hosting and customizing Moodle-based EAD platforms. Their market position is that of a niche service provider offering tailored solutions for educational institutions and corporate clients seeking to enhance their online learning environments. The website demonstrates a professional approach with good content quality and clear navigation, targeting Portuguese-speaking audiences in Brazil. Technically, the site is built on WordPress with Elementor and Yoast SEO, but lacks critical security features such as HTTPS, which significantly impacts its security posture. The absence of an SSL certificate and security headers exposes the site to risks and undermines user trust. Privacy compliance is basic, with privacy and terms pages present but no cookie consent mechanism detected. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance credibility.

E

Expert EAD

aulaoead.com.br

47

Expert EAD is a specialized online education platform focused on LMS Moodle training, offering a comprehensive catalog of over 30 courses ranging from beginner to advanced levels. The platform targets educators, LMS administrators, developers, and IT professionals, providing certification and practical learning outcomes. The website is built on WordPress with Elementor and integrates marketing and analytics tools such as Google Analytics and Facebook Pixel. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security concern. Cookie consent mechanisms are implemented, but privacy policies and terms of service are not found, indicating potential compliance gaps. Business information is clearly presented, including parent company details and social media presence, enhancing credibility.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 7 security findings identified across all modules.

A

Agritech Lavrale S.A. - Divisão Lavrale

lavrale.com.br

40

Agritech Lavrale S.A. - Divisão Lavrale is a Brazilian manufacturing company specializing in agricultural machinery and components, with a legacy of approximately 50 years. The company offers a broad range of products including agricultural implements, cabines, military trailers, and spare parts, targeting agricultural workers and farmers. Their market position is established with a consistent brand presence and active social media engagement. Technically, the website is built on a custom or unknown CMS, served by an Apache server, and uses common web technologies such as JavaScript, Google Fonts, and Google Maps API. However, the site lacks HTTPS, which severely impacts its security posture. Security headers are minimal and some are disabled, indicating a need for significant improvements in security practices. Privacy and cookie policies are absent, which raises compliance concerns. Overall, the website provides good content quality and user experience but suffers from critical security and privacy shortcomings.

L

Lintec Ind. Com. de Motores e Equip. Movim. Materiais Ltda.

lintecmotores.com.br

40

Lintec Motores is a Brazilian company specializing in the manufacturing and distribution of energy generators, including diesel and gasoline models, as well as related equipment such as motobombas and motors. It operates as a subsidiary of Agrale S.A., leveraging the parent company's certification and quality standards to position itself as a provider of cost-effective and robust energy solutions primarily for the Brazilian market. The website serves as a platform for product information, distributor location, and post-sales support, targeting customers seeking reliable energy generation equipment. Technically, the website employs a traditional technology stack including nginx web server, jQuery libraries, Google Analytics, and Google reCAPTCHA for form security. However, it lacks modern security implementations such as HTTPS, valid SSL certificates, and advanced security headers, which exposes users to potential risks. The site shows basic mobile optimization and accessibility features but suffers from slow performance and outdated libraries. From a security perspective, the absence of HTTPS and TLS protocols is a critical vulnerability. While the site includes comprehensive privacy and cookie policies compliant with GDPR principles, it lacks explicit terms of service, security policies, and incident response contacts. The cookie consent mechanism is implemented via Popupsmart, providing users with control over cookie preferences. Overall, the security posture is weak and requires urgent improvements to protect user data and enhance trust. The overall risk assessment indicates a medium risk level due to missing HTTPS and outdated technologies. Strategic recommendations include immediate SSL implementation, upgrading security headers, modernizing the tech stack, and enhancing transparency with clear security and incident response policies to improve user trust and compliance.

N

newco.es

newco.es

40

The website newco.es currently serves only a minimal HTML page that immediately redirects visitors to a /lander path. There is no substantive content, metadata, or business information available on the root page. DNS records show the domain is registered and has valid A records, but lacks DNSSEC and CAA records. The SPF record is restrictive, disallowing all mail sending. Critically, the site lacks a valid SSL certificate and does not support HTTPS, exposing it to security risks and reducing trustworthiness. No privacy, cookie, or terms of service policies are present, and no contact or company information is available. Overall, the digital maturity of the site is very low, with poor technical implementation and security posture.

T

TÜV NORD

tuev-nord.de

40

TÜV NORD is a well-established enterprise-level company specializing in safety, certification, and training services across multiple sectors including energy, transportation, real estate, healthcare, and technology. The website presents a professional and consistent brand image with comprehensive content targeting both private and business customers. The technical infrastructure is based on TYPO3 CMS with integration of modern marketing and analytics tools, though performance metrics indicate room for improvement. Security posture is weakened by the absence of a valid SSL certificate and HTTPS, which is a critical issue. Privacy compliance is well addressed with consent management and GDPR-aligned policies. Overall, the site is trustworthy but requires urgent security enhancements to protect user data and improve trust.

S

Stahlinstitut VDEh

vdeh.de

40

Stahlinstitut VDEh is a German-based institute specializing in steel technology, offering services such as seminars, standardization, membership, and publications. The website targets industry professionals and members within the steel manufacturing sector. The business model revolves around providing educational and industry services to its members and stakeholders. Technically, the website is built on PHP 7.4.33 with nginx and uses common frontend libraries like Bootstrap and jQuery. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. The site is moderately optimized for mobile and has a good design and navigation structure but suffers from slow DNS resolution and no caching headers that could improve performance. Security posture is weak due to missing HTTPS, lack of advanced security headers, and no cookie consent mechanism. Privacy compliance is minimal with a privacy policy present but no explicit GDPR compliance or cookie consent. Business credibility is moderate with clear branding and professional content but lacks direct contact information and certifications. Overall, the site scores low on security and privacy compliance, which should be prioritized to improve trust and user safety.

F

freenet Internet

freenet-internet.de

40

freenet Internet is a German telecommunications provider specializing in flexible internet tariffs that can be managed entirely via a mobile app. Their offerings include DSL and 5G internet services with monthly cancellable contracts, targeting customers who value freedom and simplicity. The website is built on modern JavaScript frameworks (Nuxt.js and Vue.js) and hosted on Amazon Web Services infrastructure, leveraging CloudFront CDN for content delivery. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security concern. The presence of SPF and DMARC records indicates some email security awareness, but no advanced security headers or mechanisms are implemented. Privacy and terms of service documents are present and appear comprehensive, but no cookie consent mechanism is detected. Overall, the site provides good content quality and user experience but requires urgent improvements in security posture to protect users and enhance trust.

I

IXOPAY GmbH

tokenex.com

70

IXOPAY GmbH operates a sophisticated enterprise payment orchestration and tokenization platform designed to streamline global payments for merchants and enterprises. The company positions itself as a scalable and flexible solution provider, offering a wide range of payment modules and services that enhance authorization rates, PCI compliance, and payment data management. Their market focus includes fintech, e-commerce, and financial services sectors, targeting businesses that require advanced payment orchestration capabilities. The website content is professionally designed, well-structured, and optimized for user experience and SEO, reflecting a mature digital presence. Technically, the website leverages modern JavaScript frameworks and integrates third-party tools such as Sentry for error tracking, Google Tag Manager for analytics, and ChiliPiper for lead routing. Hosting is provided via Cloudflare, ensuring robust CDN and security features. Performance is fast, and the site is mobile-optimized with good accessibility standards. Structured data in JSON-LD format enhances search engine understanding and business credibility. From a security perspective, the site enforces HTTPS with strong security headers and OCSP stapling, though HSTS is not fully enabled according to SSL info. No critical vulnerabilities were detected in SSL/TLS configuration. However, the absence of a visible cookie consent mechanism and a formal incident response or vulnerability disclosure policy indicates areas for compliance and security posture improvement. No direct contact emails or phone numbers are publicly listed, with contact primarily via forms and legal pages. Overall, IXOPAY demonstrates a strong business and technical foundation with a high level of professionalism and trustworthiness. Strategic enhancements in privacy compliance and security transparency would further strengthen their market position and customer confidence.

D

DIZ | Digitales Innovationszentrum GmbH

digitalhub-ai.de

40

Digital Hub Applied Artificial Intelligence Karlsruhe is a regional technology ecosystem hub focused on advancing artificial intelligence and cybersecurity in Karlsruhe, Germany. It serves as a network facilitator offering services such as events, workshops, startup programs, and expert access to foster innovation and collaboration. The website presents a professional and consistent brand image targeting businesses and individuals interested in AI and cybersecurity. Technically, the site is built on the Contao CMS platform, using Apache server and common web libraries like jQuery and Leaflet. However, the site lacks a valid SSL certificate and modern TLS support, which significantly impacts its security posture. Security headers are present but insufficient without proper HTTPS. Privacy compliance is partially addressed with a cookie consent mechanism and a privacy policy page, but GDPR compliance indicators and incident response information are missing. Overall, the site demonstrates moderate digital maturity with room for improvement in security and privacy practices.

P

Page Not Found

bertelsmann-investments.com

44

The website bertelsmann-investments.com currently serves only a 404 error page indicating that no site configuration is found. There is no accessible business content, contact information, or policies available on the site. The site is powered by TYPO3 CMS but lacks a valid SSL certificate and does not support HTTPS, resulting in a poor security posture. The DNS configuration shows hosting and mail services linked to arvato-systems.de and servicemail24.de respectively, but no further business details are exposed. Overall, the site is non-functional from a user and business perspective, with minimal technical implementation and no privacy or compliance features.

B

Bertelsmann Education Group

bertelsmann-education-group.com

55

Bertelsmann Education Group is a medium-sized entity under the Bertelsmann parent company, focusing on investments and partnerships in healthcare training and education solutions. The company targets healthcare organizations and education sector stakeholders, aiming to address workforce and skills shortages through innovative learning and workforce management solutions. The website reflects a professional and consistent brand presence, highlighting key subsidiaries such as Afya Limited and Relias. Technically, the site is built on WordPress using Elementor and Astra theme, with moderate performance and good mobile optimization. However, the security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocols, despite having some security headers and a strict DMARC policy. Privacy compliance is supported by a clear privacy policy and cookie consent mechanism via Cookiebot. Overall, the site is functional and credible but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

B

Bertelsmann Marketing Services

bertelsmann-marketing-services.com

50

Bertelsmann Marketing Services is a large, Germany-based media and marketing services company, operating as a 100% subsidiary of Bertelsmann. The company specializes in direct marketing, printing services, and multi-channel campaign management, serving a broad range of clients including retail, industrial, and publishing sectors. The website is professionally designed, content-rich, and well-structured, supporting both German and English languages. Technically, the site uses TYPO3 CMS and is hosted on infrastructure managed by Arvato Systems. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security shortfall. Security headers are partially implemented but insufficient to mitigate risks fully. Privacy compliance is good, with a clear privacy policy and cookie consent mechanism in place. Business credibility is high, supported by certifications and active communication through press releases and social media.

A

Arvato SE

arvato.com

53

Arvato SE is a global enterprise specializing in third-party logistics (3PL), supply chain management, and digital logistics solutions. The company serves a diverse range of industries including e-commerce, B2B, and transportation, offering services such as warehousing, fulfillment, transport management, and digital customer experience solutions. Their market position is strong with a broad international footprint and multiple regional subsidiaries. The website reflects a professional and comprehensive digital presence with multilingual support and detailed service descriptions. Technically, the site is built on TYPO3 CMS with modern frontend tooling but suffers from slow load times and lacks a valid SSL certificate, impacting security posture. Security-wise, the absence of HTTPS and security headers are critical issues, though cookie consent and privacy compliance are well implemented. Overall, the site is trustworthy and professional but requires urgent security improvements to meet modern standards.

B

BMG Rights Management GmbH

bmg.com

50

BMG Rights Management GmbH operates as a global music publishing and record company, providing a broad range of services to music creators including publishing, recordings, and sync licensing. Positioned as a longtime home for artists and songwriters, BMG leverages a global network combined with innovative technology to empower its clients. The company is a division of the global media conglomerate Bertelsmann, indicating a strong market presence and enterprise scale. The website reflects a professional and consistent brand image targeting music industry professionals and creators. Technically, the site uses modern JavaScript libraries, Google Analytics for tracking, and a consent management platform to comply with privacy regulations. However, the hosting infrastructure appears to be Google Cloud Storage with DNS managed by Arvato Systems. Security posture is weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical risk. Privacy compliance is well addressed with visible policies and consent mechanisms. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and trust.

R

RTL Group

rtlgroup.com

54

RTL Group is a major European entertainment company with a broad portfolio of TV channels, streaming services, radio stations, and content production subsidiaries. The company is publicly traded and majority owned by Bertelsmann, with a strong market position in multiple European countries. The website presents comprehensive business information, investor relations, career opportunities, and corporate responsibility content, reflecting a mature and professional digital presence. Technically, the site uses nginx and a custom CMS, with Google Tag Manager for analytics. However, a critical security weakness is the lack of a valid SSL certificate and absence of HTTPS, which severely impacts the security posture. Privacy and cookie policies are not explicitly found, though a consent mechanism is present. Overall, the site is well-designed and content-rich but requires urgent security improvements.

B

Bertelsmann SE & Co. KGaA

bertelsmann.com

52

Bertelsmann SE & Co. KGaA is a leading international media conglomerate headquartered in Germany, operating through multiple divisions such as RTL Group, Penguin Random House, BMG, and Arvato Group. The company provides a wide range of media, publishing, entertainment, and service offerings targeting journalists, investors, applicants, and the general public. The website reflects a mature digital presence with comprehensive corporate, investor, and media information, supported by strong branding and consistent content quality. Technically, the site uses established technologies like jQuery, Bootstrap, and Cookiebot for consent management, hosted on AWS CloudFront CDN. However, the absence of a valid SSL/TLS certificate and disabled HTTPS protocols represent critical security gaps. Security headers and content security policies are implemented but cannot compensate for the lack of HTTPS, which is essential for protecting user data and trust. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to meet modern standards.

B

Bertelsmann

createyourowncareer.de

40

Bertelsmann's Create Your Own Career website serves as a comprehensive career portal targeting students, graduates, professionals, and school students interested in opportunities within the Bertelsmann group. The site highlights multiple divisions and offers detailed information on programs, events, and job listings, positioning Bertelsmann as a large multinational media and services conglomerate with a strong employer brand. Technically, the site is built on TYPO3 CMS, hosted likely by Arvato Systems, and integrates modern marketing and consent tools such as Google Analytics, Google Tag Manager, and CookieFirst. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and HTTPS support, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements.

R

Roca Sanitario S.A.U.

roca.com

64

Roca Sanitario S.A.U. is a global leader in bathroom products with a presence in over 170 countries. The company offers a wide range of innovative, sustainable bathroom solutions targeting both consumers and professionals. Their website reflects a mature digital presence built on Liferay DXP, featuring rich content including product collections, professional resources, and corporate information. The site is well-branded and professionally designed, with good navigation and mobile optimization. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocols, which poses risks to user trust and data security. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is primarily via forms and social media, with no direct emails or phone numbers exposed. Overall, the website is functional and credible but requires urgent security improvements to protect users and enhance trust.

L

Landitec GmbH

landitec.com

53

Landitec GmbH is a medium-sized German company specializing in high-quality, flexible, and high-performance appliance solutions and services for the B2B sector. They focus on customized IT security appliances and software solutions, including network hardware, edge AI, 5G, and industrial applications. The company holds a strong market position as an OPNsense Platinum Partner and collaborates with notable partners such as SECUDOS and Barracuda. Their offerings include both hardware and software appliances, tailored to customer needs from initial concept to final product delivery. Technically, the website is built on Joomla CMS with the Helix Ultimate framework, utilizing modern libraries like jQuery and Bootstrap. The site is well-structured, mobile-optimized, and includes SEO best practices. However, the absence of a valid SSL certificate and HTTPS significantly impacts their security posture. Security headers are partially implemented, and cookie consent mechanisms are in place, indicating good privacy compliance. Analytics usage is moderate, primarily via Google Analytics and Tag Manager. Security-wise, the lack of valid HTTPS is a critical issue that lowers the overall security score. Other security best practices such as HSTS, OCSP stapling, and session resumption are not implemented. No explicit security policy or incident response information is found. The company provides clear contact information and maintains a professional online presence, but should prioritize securing their website with valid SSL certificates to enhance trust and compliance. Overall, Landitec GmbH presents a professional and credible business with solid technical infrastructure but requires urgent improvements in security configuration to meet modern standards and ensure customer trust.

X

XING

prescreen.io

61

The website prescreen.io redirects or is represented by recruiting.xing.com, a platform operated by XING, a subsidiary of NEW WORK SE. The site offers the onlyfy Bewerbungsmanager, a comprehensive talent acquisition and applicant tracking solution designed for companies seeking to modernize and streamline their recruiting processes. The platform integrates active and passive sourcing, multiposting, social media campaigns, and detailed reporting to support holistic recruiting workflows. Technically, the site is built on WordPress with modern front-end frameworks like Bootstrap and jQuery, hosted on AWS infrastructure. While the site demonstrates good SEO, structured data usage, and user experience, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and disabled TLS protocols, which severely impact its security posture. Privacy compliance is well addressed with visible privacy and cookie policies and consent management via Usercentrics. Overall, the site is content-rich and professionally presented but requires urgent security improvements to protect user data and maintain trust.