Security Directory

I

IKG Group AB

ikg.se

19

IKG Group AB is a mature Swedish technical consulting company specializing in engineering services for product development firms. With over 28 years of domain age and a presence in ten Swedish cities, the company offers a broad range of engineering disciplines including software development, mechanics, IT systems, electrical construction, and project management. The website reflects a professional business with consistent branding and a clear focus on technical consulting services. Technically, the site uses an older jQuery-based stack combined with modern analytics tools like Google Analytics and Tag Manager. However, the website suffers from significant security shortcomings, notably the absence of HTTPS and a valid SSL certificate, which exposes visitors to risks and reduces trust. Privacy compliance is basic, with a cookie consent banner present but no visible privacy policy or terms of service. The business information is clear and consistent with WHOIS data, supporting legitimacy. Overall, the site is functional but requires urgent security improvements to protect users and enhance credibility.

M

MCR

morse.com

40

MCR is a well-established and large hotel management and ownership company, recognized as the third largest hotel owner-operator in the United States. The company operates a diverse portfolio of hotels across multiple states and brands, with a strong reputation supported by numerous industry awards and recognitions. The website reflects a mature business with a professional online presence, targeting investors, partners, and hospitality professionals. Technically, the website is built on WordPress with a modern tech stack including jQuery and Google Maps integration, but suffers from a lack of HTTPS due to an invalid or missing SSL certificate, which significantly impacts its security posture. Security headers are well implemented, but the absence of SSL and modern TLS protocols is a critical vulnerability. Privacy compliance is partially addressed with a comprehensive privacy policy and terms of use, but the lack of a cookie consent mechanism is a gap. Overall, the website is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

E

Eti

etietieti.com

39

Eti is a well-established Turkish food manufacturing company with a strong market presence and a diverse product portfolio including biscuits, chocolates, and health-oriented food products. The website serves as a comprehensive corporate portal providing product information, recipes, corporate governance details, career opportunities, and social responsibility initiatives. The site targets consumers interested in quality food products and healthy nutrition, leveraging a consistent brand identity and multiple language options for international reach. Technically, the website is built on ASP.NET WebForms and uses modern JavaScript libraries for UI enhancements. However, performance metrics are lacking and the site suffers from a critical security issue: the absence of a valid SSL certificate and HTTPS support, which significantly impacts user trust and security posture. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good compliance with GDPR requirements. Social media integration and partner links enhance the brand's digital ecosystem. Overall, Eti's website is professional and content-rich but requires urgent security improvements to meet modern standards.

B

BORBET GmbH

borbet-austria.at

30

BORBET GmbH is a large, internationally oriented family-owned manufacturer specializing in aluminum alloy wheels for the automotive industry and specialist trade. The company offers a comprehensive product range including a 3D wheel configurator and operates both B2B and B2C sales channels. The website reflects a professional and consistent brand presence with clear navigation and relevant content targeting automotive customers and partners. Technically, the site uses a custom CMS with common JavaScript libraries but lacks modern SSL/TLS security, which is a critical vulnerability. Privacy compliance is well addressed with a cookie consent mechanism and clear privacy policy. Contact information and social media presence enhance business credibility. However, the absence of a valid SSL certificate and TLS protocols significantly undermines the security posture, exposing users to risks. Strategic improvements in SSL deployment and security best practices are urgently recommended.

A

AMES - Aerospace and Mechanical Engineering Services

ames.aero

19

AMES - Aerospace and Mechanical Engineering Services is a mature Austrian company specializing in aerospace engineering, certification, production, maintenance, CAMO, consulting, and training services. With a domain age of 17 years and multiple aerospace certifications, AMES positions itself as a reliable service provider in the aerospace transportation sector. The website reflects a professional business model targeting aerospace industry professionals and companies requiring specialized engineering and certification services. The company maintains a consistent brand presence with clear contact information and social media engagement. Technically, the website employs a variety of established JavaScript libraries and frameworks such as jQuery, Bootstrap, and Owl Carousel, indicating a moderate level of digital maturity. However, the site lacks HTTPS encryption and modern security configurations, which significantly impacts its security posture. Performance is rated slow due to missing SSL and potential optimization gaps, though mobile responsiveness and navigation clarity are good. Security evaluation reveals critical vulnerabilities including the absence of SSL/TLS, no HSTS, no DNSSEC, and missing security headers. These gaps expose the site to potential interception and downgrade attacks. The domain's imminent expiry in 11 days adds operational risk. Privacy compliance is minimal, with basic privacy and terms documents available but no cookie consent or incident response contacts. Overall, AMES demonstrates solid business credibility and content quality but requires urgent security improvements to protect its digital assets and customer trust. Strategic recommendations include immediate SSL implementation, enhanced domain protection, and adoption of security best practices to elevate the security score and compliance posture.

E

Eurofins Scientific

eurofins.com

40

Eurofins Scientific operates a comprehensive global network of laboratory testing services specializing in food, environment, pharmaceutical product testing, and agroscience CRO services. With approximately 63,000 employees and over 950 laboratories across 60 countries, Eurofins is a world leader in its sector, offering more than 200,000 analytical methods. The website reflects this extensive business scope with detailed service offerings and a strong global presence. Technically, the site uses modern JavaScript libraries and analytics tools, but suffers from critical SSL/TLS configuration issues that undermine its security posture. Security headers are implemented, but the lack of a valid SSL certificate and disabled TLS protocols represent significant vulnerabilities. Privacy compliance is well addressed with cookie consent mechanisms and privacy policies in place. Overall, the site is professional and trustworthy but requires urgent remediation of its SSL/TLS issues to ensure secure user interactions.

B

Baumit.com

baumit.com

36

Baumit.com is an established international company specializing in building materials, facade insulation, and innovative construction technologies such as 3D concrete printing. The company emphasizes sustainability and healthy living environments, supported by research initiatives like the VIVA Research Park. The website presents a professional and consistent brand image with good content quality and navigation. Technically, the site uses a variety of modern JavaScript libraries and custom CMS solutions, but the main domain lacks HTTPS, which is a significant security concern. The subdomain int.baumit.com uses HTTPS properly. Security posture is weak due to missing SSL on the main domain and lack of security headers. Privacy compliance is well addressed with clear cookie consent and privacy policies. Business credibility is supported by consistent WHOIS data and structured organization information. Overall, the site is functional and professional but requires urgent security improvements to protect users and enhance trust.

J

Job-TransFair gemeinnützige GmbH

jobtransfair.at

27

Job-TransFair gemeinnützige GmbH is a Vienna-based non-profit organization dedicated to supporting disadvantaged individuals in the labor market by facilitating permanent employment opportunities. The organization collaborates with a large network of partner companies and receives financial support from the AMS Wien and the City of Vienna. Their website provides comprehensive information about their services, success stories, and job offers, targeting both job seekers and employers. The content is well-structured, professionally presented, and primarily in German. Technically, the site is built on the Contao CMS platform with modern frontend technologies like Bootstrap and jQuery, but suffers from a critical lack of HTTPS support due to an invalid or missing SSL certificate, which significantly impacts its security posture. Privacy compliance is strong, with Cookiebot implemented for consent management and clear privacy and cookie policies. The site also integrates Google Tag Manager for analytics and marketing purposes. Overall, the business is credible and transparent, with clear contact information and trust indicators such as certifications and partnerships.

wengermayer business consulting is a small Austrian consulting firm specializing in human-centric organizational development, communication culture, conflict management, and personnel development. Their services focus on supporting businesses where human interaction and development are central. The website is built on Contao CMS and hosted on an Apache server with Ubuntu, using various JavaScript libraries for UI enhancements. However, the site lacks HTTPS, which is a critical security vulnerability. Cookie consent is implemented via Cookiebot, indicating awareness of privacy compliance. Social media presence on XING, LinkedIn, Facebook, and Twitter supports business credibility. Overall, the technical infrastructure is basic with room for modernization and security improvements.

Weatherford's PetroVisor website presents a mature and comprehensive SaaS platform focused on unifying data and analytics for the energy sector, specifically oil and gas production optimization. The platform integrates AI/ML capabilities and offers multiple modules addressing production, artificial lift, completion optimization, ESG, and enhanced oil recovery. The website is professionally designed, content-rich, and targets enterprise-level energy industry professionals. Technically, the site uses a modern tech stack including Kentico CMS, jQuery, and various analytics and marketing tools. However, a critical security gap exists as the site lacks a valid SSL certificate and does not serve content over HTTPS, exposing users to potential risks. Privacy and cookie policies are present and indicate GDPR compliance, but no explicit security incident response or vulnerability disclosure information is found. Overall, the domain registration data supports the legitimacy and maturity of the business. Strategic security improvements are necessary to enhance trust and protect user data.

D

Dorotheum GmbH & Co KG

dorotheum.com

40

Dorotheum GmbH & Co KG operates the largest auction house in Central Europe, specializing in art, antiques, jewelry, and collectibles with over 300 years of experience. The company holds numerous auctions annually, both online and in physical salerooms, and offers additional services such as private sales and expert consultations. The website is professionally designed, content-rich, and targets collectors, buyers, and sellers in the art and luxury goods market primarily in Austria and surrounding regions. Technically, the site is built on TYPO3 CMS with modern frontend libraries and integrates analytics and marketing tools like Google Tag Manager and Facebook Pixel. However, the absence of a valid SSL certificate and lack of security headers represent significant security weaknesses. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent improvements in security posture to protect user data and enhance trust.

Q

Quality Austria

qualityaustria.com

32

Quality Austria is a leading Austrian institution specializing in integrated management systems, quality certification, and training services. The company offers a broad range of certifications including ISO standards, Austria Gütezeichen, and EOQ certificates, positioning itself as a trusted partner for organizations seeking quality assurance and compliance. The website reflects a mature digital presence with comprehensive content, multi-language support, and a professional design tailored to its target audience of businesses and public organizations. Technically, the site is built on WordPress with WooCommerce for e-commerce capabilities, enhanced by performance optimizations such as WP Rocket and advanced search via FacetWP. The use of Borlabs Cookie ensures compliance with privacy regulations through effective consent management. However, the absence of a valid SSL certificate is a critical security flaw that undermines user trust and data protection. Security measures include several HTTP security headers and a content security policy restricting frame ancestors, but the invalid SSL certificate and lack of explicit security or incident response policies indicate areas for improvement. Overall, the site demonstrates strong business credibility and privacy compliance but requires urgent attention to its SSL configuration to ensure secure user interactions.

B

Barmherzige Brüder Wien

bbwien.at

38

Barmherzige Brüder Wien operates as a large, well-established non-profit hospital in Austria, providing a broad range of medical services and patient care. The website reflects a mature digital presence with comprehensive content, clear navigation, and active social media engagement. Technically, the site uses a modern CMS (siteswift) and popular JavaScript libraries to enhance user experience. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, resulting in all traffic being served over HTTP, which exposes users to potential interception risks. The site implements GDPR-compliant privacy and cookie consent mechanisms, indicating awareness of privacy regulations. WHOIS data confirms domain legitimacy and consistency with the hospital's identity. Overall, the site is professional and trustworthy but urgently requires HTTPS implementation to secure user data and improve security posture.

C

Cloudera

cloudera.com

40

Cloudera is a leading enterprise technology company specializing in hybrid data platforms that enable secure data management and cloud-native analytics. The company targets large enterprises across multiple sectors including technology, healthcare, finance, manufacturing, and government. Their platform supports data engineering, AI, streaming, and operational databases, positioning them strongly in the hybrid multi-cloud data market. The website reflects a mature digital presence with comprehensive content, strong branding, and extensive customer references. Technically, the site is built on Adobe Experience Manager with integrations of Adobe Analytics, Segment, Coveo search, and Brightcove video services. The site is mobile optimized and well structured for SEO and accessibility. However, the SSL configuration is currently invalid with no TLS protocols enabled, which is a critical security concern. Security headers are partially implemented but HSTS is not fully enabled. Privacy and compliance policies are comprehensive and prominently linked, indicating good GDPR and data protection awareness. Contact information is clearly provided with phone numbers and support portals. No WAF or blocking mechanisms were detected, allowing full content access. Overall, Cloudera's website demonstrates strong business credibility and digital maturity but requires urgent remediation of SSL and TLS configurations to improve security posture and user trust.

Desmet is a well-established global engineering company specializing in custom plants and equipment for the food, feed, and biofuel industries. With a large workforce and multiple brands, it holds a strong market position supported by extensive experience and a professional digital presence. The website is content-rich, well-structured, and uses modern technologies, but critically lacks HTTPS/SSL, which severely impacts its security posture. While security headers are implemented, the absence of valid SSL/TLS and related configurations exposes the site to risks. Privacy compliance is partially addressed with visible privacy and cookie policies, but no explicit consent mechanism is detected. Business credibility is high due to clear branding, contact information, and WHOIS consistency. Strategic improvements in security infrastructure and incident response readiness are recommended.

H

Huppenkothen GmbH

huppenkothen.at

35

Huppenkothen GmbH operates a professional website focused on the sale and rental of mini and compact construction machinery, serving primarily the Austrian construction sector. The company maintains a strong market position with 42 locations and a large inventory of machines and spare parts. The website is well-designed, content-rich, and optimized for SEO and accessibility, targeting construction professionals and businesses. Technically, the site is built on WordPress with modern plugins and frameworks, but lacks HTTPS, which is a critical security vulnerability. Privacy and cookie policies are present and GDPR compliant, reflecting good privacy practices. Overall, the site demonstrates a mature digital presence but requires urgent security improvements to protect user data and trust.

PTM EDV-Systeme GmbH operates the website mscrm-addons.com, providing specialized add-ons and solutions for Microsoft Dynamics 365 and Power Platform users. The company offers a mature product portfolio addressing document creation, capacity management, and activity handling, targeting businesses using Microsoft technologies. The website demonstrates a professional presence with clear business information, customer testimonials, and partner programs, positioning itself as a trusted provider in the technology sector. Technically, the site is built on ASP.NET with the DNN CMS platform and integrates modern JavaScript libraries and Google services for analytics and user interaction. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support and exposing users to potential risks. Privacy compliance is addressed with cookie consent and a privacy policy, and contact channels are well established. Overall, while the business and content quality are strong, the lack of HTTPS significantly impacts the security posture and user trust.

Flughafen Wien AG operates Vienna International Airport, providing a wide range of passenger services including flight information, parking, lounges, VIP services, and retail. The website targets passengers, business partners, and visitors, positioning itself as a leading airport in Austria with comprehensive service offerings. The digital infrastructure uses modern frameworks like Bootstrap and integrates privacy-conscious analytics via Matomo. However, the absence of a valid SSL certificate and HTTPS significantly undermines the security posture. Security headers are partially implemented, but critical improvements are needed to secure user data and communications. The domain is mature and legitimately registered, consistent with the airport's long-standing presence. Overall, the website is professional and content-rich but requires urgent security enhancements.

S

Standortagentur Tirol GmbH

standort-tirol.at

21

Standortagentur Tirol GmbH is a regional economic development agency based in Tirol, Austria, focused on fostering innovation, technology, and sustainable growth for businesses, research institutions, and municipalities. The company operates as part of the Lebensraum Tirol Holding and offers a broad range of services including support for digitalization, funding, cluster networking, and internationalization. Their website reflects a professional and well-structured digital presence targeting multiple stakeholder groups with relevant content and resources. Technically, the site runs on Microsoft IIS with ASP.NET and uses common JavaScript libraries and marketing tools such as Google Tag Manager and Cookiebot for consent management. However, a critical security weakness is the absence of HTTPS and a valid SSL certificate, exposing users to potential risks. Privacy compliance is addressed with visible policies and consent mechanisms, but incident response and security policies are not evident. Overall, the site is credible and functional but requires urgent security improvements to protect user data and enhance trust.

O

Oper Graz

oper-graz.com

37

Oper Graz is a well-established cultural institution based in Austria, specializing in opera, ballet, concerts, and related performing arts. The website serves as a portal for event information, ticket sales, and community engagement, targeting a broad audience including families, youth, and cultural enthusiasts. The business model revolves around live event performances and ticketing services, supported by partnerships with regional theater organizations. Technically, the site is built on WordPress with a multilingual setup and uses common plugins for SEO, forms, and interactive content. However, the absence of a valid SSL certificate and HTTPS severely impacts the site's security posture. While the site demonstrates good content quality, accessibility, and SEO practices, the lack of modern security protocols and headers exposes it to risks. Privacy compliance is addressed with clear policies and cookie consent mechanisms. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

F

Fast Rent A Car

fastuae.com

38

Fast Rent A Car is a leading car rental company operating in the United Arab Emirates, offering a wide range of vehicles including compact cars, SUVs, luxury cars, and commercial vehicles. The company boasts an extensive network of branches and pickup points across the UAE, targeting individuals and businesses seeking flexible rental and leasing options. Their business model focuses on daily, weekly, monthly, and long-term leases, positioning them as a major player in the UAE transportation sector. The website content is professionally presented with good branding consistency and trust indicators such as certifications and awards.

BMO Global Asset Management (BMO GAM) is a leading Canadian asset manager offering a broad range of investment products including mutual funds, ETFs, and alternative products. The website clearly targets investors, advisors, and institutional clients, reflecting a mature and well-established financial services business. The company operates under the larger Bank of Montreal (BMO) umbrella, reinforcing its market position and credibility. Technically, the website leverages modern web technologies such as Next.js and integrates with Adobe Launch and OneTrust for marketing and compliance. Hosting is provided via Akamai CDN, ensuring global content delivery. However, the absence of a valid SSL certificate and disabled TLS protocols represent significant technical and security shortcomings that undermine user trust and data protection. From a security perspective, while some security headers like HSTS and X-Frame-Options are present, the lack of HTTPS and modern TLS support is a critical vulnerability. No published security policies, incident response contacts, or vulnerability disclosure mechanisms were found, indicating gaps in security transparency and readiness. Overall, the website is professionally designed and content-rich, but the lack of proper SSL/TLS configuration and security disclosures lowers its security posture and trustworthiness. Strategic improvements in SSL deployment, security policy publication, and DNS security would significantly enhance the site's security and compliance standing.

E

Energie AG

energieag.at

40

Energie AG is a well-established regional energy provider in Upper Austria, offering a broad range of services including electricity, gas, internet, photovoltaic solutions, and electromobility products. The company positions itself as a modern and reliable energy supplier with a strong focus on customer service and sustainability. Their website reflects a mature digital presence with comprehensive content and professional design, targeting both private and business customers. Technically, the site uses a modern technology stack with various JavaScript libraries and integrates multiple analytics and marketing tools. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which significantly impacts the site's security posture. Despite this, the site implements several security headers and privacy policies that comply with GDPR requirements. Overall, the business appears legitimate and trustworthy, but urgent improvements in SSL/TLS configuration are necessary to enhance security and user trust.

C

Chemetall GmbH

chemetall.com

34

Chemetall GmbH is a well-established global leader in surface treatment chemical solutions, operating as a subsidiary of BASF. The company serves industrial clients across multiple sectors including aerospace, automotive, and manufacturing, providing advanced chemical technologies and laboratory services. The website reflects a professional and consistent brand presence with good content quality and clear navigation, targeting B2B industrial customers. Technically, the site uses legacy JavaScript libraries and lacks modern performance optimizations, with slow loading times and basic mobile responsiveness. Security posture is weak due to the absence of HTTPS and minimal security headers, exposing users to potential risks. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. WHOIS data confirms a mature and legitimate domain with consistent registration details. Overall, the site demonstrates solid business credibility but requires urgent improvements in security and privacy to meet modern standards.

M

Miba AG

miba.com

31

Miba AG is a large Austrian industrial company specializing in the development and production of critical components for the energy value chain and transportation sectors. Their product portfolio includes sintered parts, sliding bearings, friction linings, power electronics components, coatings, and eMobility solutions. The company maintains a strong global presence with multiple locations and a focus on sustainable and efficient energy applications. Technically, the website is built on TYPO3 CMS and uses modern JavaScript libraries, but suffers from a critical lack of a valid SSL certificate, resulting in no HTTPS support. This significantly impacts the security posture and user trust. The site includes comprehensive corporate information, social media integration, and cookie consent mechanisms, indicating good privacy compliance. However, no explicit security or incident response policies are published. Overall, the website is professional and content-rich but requires urgent security improvements to protect users and business operations.

R

Rotunda Software

ministryschedulerpro.com

49

Ministry Scheduler Pro is a specialized software solution designed to simplify church volunteer scheduling, targeting churches and ministries. The company, Rotunda Software, positions itself as a trusted provider with over 3,800 churches using its services. The platform offers automated scheduling, communication tools, and a mobile app to enhance volunteer engagement. Technically, the website employs modern JavaScript libraries, analytics, and animation technologies, hosted on AWS infrastructure. However, the absence of HTTPS and security headers significantly undermines the security posture, exposing users to potential risks. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks cookie consent mechanisms. Overall, the business credibility is strong, supported by testimonials and a clear market focus, but urgent security improvements are necessary to protect users and maintain trust.

N

Nofima AS

nofima.no

57

Nofima AS is a leading Norwegian food research institute specializing in research and development for the aquaculture, fisheries, and food industries. The organization serves a broad audience including food producers, government agencies, and scientific communities. Their business model focuses on providing research services, knowledge dissemination, and training to support sustainable food production. The website is professionally designed, content-rich, and well-branded, reflecting a strong market position in the government sector. Technically, the site is built on WordPress with modern plugins and libraries, hosted behind Cloudflare, and uses Matomo for privacy-conscious analytics. However, the security posture is weakened by an invalid SSL certificate and lack of TLS support, which is a critical risk. Privacy compliance is good with clear privacy and cookie policies, though no explicit terms of service or security policies are published. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and maintain credibility.

U

UiT Norges arktiske universitet

uit.no

58

UiT Norges arktiske universitet is a prominent Norwegian university specializing in Arctic education and research. The website serves a broad audience including students, researchers, and staff, providing comprehensive information about study programs, research initiatives, and public services. The institution maintains a strong digital presence with extensive use of third-party services for analytics, marketing, and content delivery. Technically, the site employs modern frameworks like Bootstrap and jQuery, along with Font Awesome for icons, and integrates a robust cookie consent mechanism via Cookiebot. However, the website suffers from an invalid SSL certificate, which significantly impacts its security posture. While privacy compliance is well addressed with detailed cookie policies and GDPR adherence, the absence of explicit terms of service and security headers indicates areas for improvement. Overall, the site is professional and trustworthy but requires urgent attention to its SSL configuration to ensure secure user interactions.

F

FINCOM TEH LTD

wmcentre.net

40

WMCentre.net is an established online marketplace specializing in digital goods such as software licenses, game keys, and subscription services, primarily targeting Russian-speaking customers. The business is operated by FINCOM TEH LTD, a Bulgarian-registered company founded in 2003, indicating a long-standing presence in the e-commerce digital goods sector. The website offers a broad catalog of products and integrates with partner platforms for payment and digital delivery. Technically, the site uses legacy JavaScript libraries and custom CMS, with moderate performance and basic mobile optimization. Security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS protocols, which exposes users to risks. Privacy compliance is poor, with no visible privacy or cookie policies, and contact information is limited to a web form. Overall, the site demonstrates moderate business credibility but requires significant improvements in security and privacy to enhance trust and compliance.

Komáromi Jókai Színház operates an online ticketing platform focused on theatrical performances and cultural events in Komárno, Slovakia. The website provides event listings, ticket purchasing options, and voucher issuance primarily targeting local Hungarian and Slovak-speaking audiences. The business model centers on direct online sales with integrated payment processing via Barion. Technically, the site uses a custom CMS with jQuery, Foundation framework, and several third-party scripts for UI and payment integration. However, the site suffers from a lack of HTTPS, resulting in a critical security vulnerability. The absence of privacy and terms of service pages indicates compliance gaps. Performance is suboptimal with slow load times and a large page size. Security posture is weak due to missing SSL, no security headers, and no email authentication records. Contact information is available but no company emails are published. Overall, the site is functional but requires urgent security and compliance improvements.

I

Interticket.pl

interticket.pl

40

Interticket.pl is a mature Polish e-commerce platform specializing in online ticket sales for concerts, theater, festivals, museums, and cinemas. Established in 2004, it serves primarily Polish-speaking customers with a broad offering of event tickets. The website integrates multiple marketing and analytics tools such as Google Analytics, Google Tag Manager, and Facebook Pixel, and maintains active social media profiles to engage its audience. However, the technical infrastructure shows signs of aging, with reliance on older JavaScript libraries and a custom CMS. Performance is suboptimal with slow page load times and a large page size. Critically, the site lacks a valid SSL certificate and does not enforce HTTPS, posing significant security risks.

M

Magyar Rádió Művészeti Együttesei

mrze.hu

40

The website represents the official online presence of the Magyar Rádió Művészeti Együttesei, a Hungarian cultural organization focused on classical music ensembles including symphonic orchestra, choir, and children's choir. It serves as a platform for concert information, ticket sales, media content, and organizational news, targeting classical music enthusiasts and concert attendees primarily in Hungary. The site is built on WordPress with a variety of custom plugins and integrates media streaming services. However, a critical security gap exists as the site lacks a valid SSL certificate and does not support HTTPS, exposing users to potential risks. The site includes a cookie consent mechanism and links to a comprehensive privacy policy hosted on the parent MTVA domain, indicating good privacy compliance. No direct contact emails or phone numbers are visible, but a contact form is available. Overall, the site is professionally designed with good accessibility and SEO practices but requires urgent security improvements.

I

Interticket Kft.

jegy.hu

40

Jegy.hu is a well-established Hungarian online ticketing platform specializing in cultural events such as theater, concerts, festivals, and sports. Founded in 2000, it serves a large audience primarily in Hungary with some regional presence. The platform offers extensive event listings, search and filtering capabilities, and supports affiliate marketing and gift vouchers. Technically, the site uses a custom CMS with modern JavaScript libraries and frameworks, providing a good user experience and mobile optimization. However, a critical security gap is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with cookie consent mechanisms and comprehensive privacy policies. Overall, the site is professional and trustworthy but requires urgent security improvements.

M

Magyar Rádió Művészeti Együttesei

radiomusic.hu

40

radiomusic.hu is the official website for the Hungarian Radio's Artistic Ensembles, providing information about their symphonic orchestra, choir, children's choir, and related cultural events. The site serves a Hungarian-speaking audience interested in classical music and concert attendance, offering ticket sales, event calendars, galleries, and news updates. The organization is well-established with a history of over 80 years, supported by the parent media entity MTVA. Technically, the site is built on WordPress with a variety of plugins and JavaScript libraries to enhance user experience and functionality. However, the absence of a valid SSL/TLS certificate is a critical security shortfall, exposing users to potential risks and reducing trust. The site implements cookie consent mechanisms and links to legal and privacy pages, but lacks explicit security or incident response policies. Overall, the website is content-rich and professionally maintained but requires urgent security improvements to meet modern standards.

K

Közszolgálati Médiaakadémia Alapítvány

media-akademia.hu

40

The Média Akadémia website represents a Hungarian non-profit foundation dedicated to media education and talent development, primarily targeting future television and radio professionals. The site is well-structured with rich content including news articles, event information, and educational program details. It leverages WordPress CMS with a variety of plugins to deliver multimedia content and interactive features. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall that undermines user trust and data protection. The site implements a cookie consent mechanism but lacks comprehensive privacy and security policies. The domain registration is consistent and aligns with the organization's public media affiliations, indicating legitimacy. Strategic improvements in security posture and privacy compliance are necessary to enhance overall trustworthiness and compliance.

D

Duna Médiaszolgáltató Nonprofit Zrt.

dunamsz.hu

40

Duna Médiaszolgáltató Nonprofit Zrt. operates as a Hungarian public media service provider delivering television, radio, and online content primarily targeting Hungarian-speaking audiences. The website serves as a portal for accessing media services and related information, reflecting a nonprofit business model with a strong public service orientation. The company is positioned as a key player in Hungary's media landscape, supported by partnerships with official entities such as MTVA. Technically, the website is built on WordPress with a modern set of JavaScript libraries and plugins to support multimedia content delivery and user interaction. However, the absence of a valid SSL certificate and HTTPS support represents a critical security gap, exposing users to potential risks. The site includes a cookie consent mechanism but lacks explicit privacy, security, and incident response policies, which may affect compliance with GDPR and other regulations. Overall, the site is functional and professionally designed but requires urgent security enhancements to protect user data and improve trust.

M

Médiaszolgáltatás-támogató és Vagyonkezelő Alap (MTVA)

mtva.hu

40

MTVA.hu is the official website of the Hungarian public media organization Médiaszolgáltatás-támogató és Vagyonkezelő Alap (MTVA), providing a wide range of media services including television, radio, and online content. The site is well-structured, content-rich, and targets the Hungarian public with news, press releases, and organizational information. The business model is public service media, supported by government funding, positioning MTVA as a leading media broadcaster in Hungary. Technically, the site is built on WordPress with modern JavaScript libraries and accessibility features, hosted on Telekom.hu infrastructure. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS, exposing users to potential risks. The site implements proper email security with SPF and DMARC records and includes a cookie consent mechanism compliant with GDPR. Overall, the website demonstrates good business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

T

TIM San Marino S.p.A.

telecomitalia.sm

56

TIM San Marino S.p.A. is a telecommunications company operating in the Republic of San Marino, providing fiber internet, mobile, and fixed telephony services primarily targeting residential and business customers. The website presents a professional and well-structured digital presence, leveraging WordPress CMS and common web technologies to deliver content and service information effectively. The company maintains clear contact channels and legal compliance with privacy and cookie policies, reflecting a mature approach to customer engagement and regulatory adherence. However, the website's security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which undermines secure communications and user trust. Despite this, the presence of security headers and a vulnerability disclosure page indicates some level of security awareness. Overall, the site is functional and credible but requires urgent improvements in SSL/TLS configuration to enhance security and user confidence.

M

MédiaKlikk

mediaklikk.hu

40

MédiaKlikk is a Hungarian media platform offering live streaming of multiple TV and radio channels, program guides, and media archives primarily targeting Hungarian-speaking audiences. It operates under the umbrella of MTVA, the Hungarian public media organization, and serves as a central hub for national media content. The platform leverages WordPress CMS with a variety of plugins and integrates social login options and user account management features. The website demonstrates a consistent brand presence and good content relevance for its target audience. Technically, the site uses a modern web stack including jQuery, jQuery UI, Video.js, and ElasticPress, hosted on Telekom Hungary infrastructure. While the site is mobile-optimized and includes accessibility features, performance metrics are not explicitly available. SEO practices are implemented with proper meta tags and structured data. However, the absence of HTTPS is a critical security gap, significantly impacting the site's security posture. From a security perspective, the site lacks a valid SSL certificate, HSTS, and other modern security headers, exposing users to potential risks. It employs reCAPTCHA for form protection and uses third-party analytics and tracking services such as Facebook Pixel, Hotjar, and Gemius, indicating extensive user tracking. Privacy compliance is basic, with a privacy policy present but no visible cookie consent mechanism. Incident response and vulnerability disclosure information are not found. Overall, while MédiaKlikk is a reputable media platform with solid business credibility and content quality, its security posture requires urgent improvement, especially regarding HTTPS implementation and enhanced privacy compliance. Strategic recommendations include securing the site with SSL, enabling security headers, and implementing a cookie consent mechanism to align with GDPR requirements.

The San Marino Card website serves as the official portal for the government-backed SMaC program, offering discount cards and electronic wallet services to residents and businesses within San Marino. The site provides comprehensive information about card benefits, partner merchants, and access to a private client area for transaction tracking. The business model is centered on facilitating government-supported financial incentives and electronic payments, positioning itself as a key public service in the local market. Technically, the website is hosted on an nginx server with a legacy charset and uses jQuery libraries alongside Google Analytics for tracking. While the site includes several security headers and a strict transport security policy, it lacks a valid SSL certificate and does not support HTTPS, which is a critical security gap. Performance metrics are unavailable, and mobile optimization is basic, indicating room for technical modernization. From a security perspective, the absence of HTTPS and modern TLS protocols significantly reduces the site's security posture. Although some security headers are present, the lack of vulnerability disclosure policies, cookie consent mechanisms, and comprehensive privacy compliance measures highlight compliance gaps. The site does provide clear contact information and links to privacy and terms documents, but GDPR compliance is not fully evident. Overall, the website is functional and credible as a government service but requires urgent improvements in SSL deployment, privacy compliance, and security best practices to enhance trust and protect user data. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS versions, implementing cookie consent, and publishing a vulnerability disclosure policy.

T

TIM San Marino S.p.A.

tim.sm

31

TIM San Marino S.p.A. operates as a telecommunications provider in the Republic of San Marino, offering a range of services including fiber internet, mobile telephony, fixed telephony, and digital TV. The website targets residential and business customers within San Marino, positioning itself as a leading local telecom operator. The business model focuses on providing bundled telecom services and devices, supported by a professional online presence with clear service offerings and customer support channels. Technically, the website is built on WordPress 6.8.1, utilizing common libraries such as jQuery and Owl Carousel for UI components. SEO is enhanced via the Yoast SEO plugin, and the site includes structured data for improved search engine understanding. However, performance is suboptimal with a slow page load time of over 7 seconds, and accessibility features are basic. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. No modern TLS protocols or security headers are enabled, exposing users to potential risks. Privacy compliance is well addressed with comprehensive privacy and cookie policies, including consent mechanisms aligned with GDPR requirements. Overall, while the business and content aspects are strong and trustworthy, the security posture is weak and requires urgent remediation to protect user data and maintain trust. Strategic improvements in SSL deployment, security headers, and performance optimization are recommended to elevate the site's security and technical maturity.

A

Applied Client Network

appliedclientnetwork.org

53

Applied Client Network is an independent global user community focused on the Applied Systems insurance software ecosystem. It provides education, industry advocacy, peer networking, and product influence to insurance agencies and professionals. The organization positions itself as a key resource for various roles within insurance agencies, including IT managers, account managers, and principals. Technically, the website is built on the DNN CMS platform, hosted on Amazon AWS infrastructure, and utilizes modern web technologies such as jQuery, Font Awesome, and Google Tag Manager. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a significant security concern. The presence of cookie consent mechanisms and a comprehensive privacy policy indicates good privacy compliance. Overall, the site offers good content quality and business credibility but requires urgent improvements in security posture to protect user data and enhance trust.

O

OpenAsso

openasso.org

55

OpenAsso is a French collaborative platform dedicated to the associative sector, providing expert articles and a Q&A module to support association managers. The platform emphasizes openness, collaboration, and quality content contributed by experts and community members. Technically, the site uses a variety of JavaScript libraries and is hosted on Microsoft Azure, leveraging the Assoconnect CMS platform. However, the site currently lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Cookie consent is managed via Axeptio, and analytics are implemented with Google Analytics, Google Tag Manager, and RudderStack, with consent-based activation. Overall, the site offers good content quality and user experience but requires urgent security improvements to enable HTTPS and strengthen its security posture.

I

IMT Mines Alès Alumni

mines-ales.org

40

IMT Mines Alès Alumni operates as a non-profit alumni association dedicated to serving graduates, students, and recruiters associated with IMT Mines Alès. The website provides comprehensive services including networking, career support, event management, and community engagement. It maintains a strong presence on social media and integrates multiple partner organizations, reflecting a well-established position within the French educational sector. The content is professionally presented in French, targeting alumni and related stakeholders. Technically, the website is built on a custom CMS platform with a technology stack including Apache, PHP, jQuery, Bootstrap, and various JavaScript libraries. While the site is mobile-optimized and SEO-friendly, performance metrics indicate slow loading times. The hosting appears to be with OVH, and the site uses several third-party services for analytics, cookie consent, and anti-bot measures. From a security perspective, the site implements several important HTTP security headers and a content security policy. However, the absence of a valid SSL certificate and lack of TLS protocol support significantly weaken its security posture. Cookies are set with secure and HttpOnly flags, and forms include anti-bot protection via hCaptcha. Privacy compliance is strong, with clear cookie and privacy policies and GDPR adherence. Overall, the site is functional and professional but requires urgent improvements in SSL/TLS configuration to enhance security and user trust. Addressing these issues will improve the security score and overall risk profile, ensuring better protection for users and data integrity.

I

IMT Nord Europe Alumni

imt-lille-douai.org

40

IMT Nord Europe Alumni is a French non-profit alumni association serving graduates and students of IMT Nord Europe. The website provides a comprehensive platform for alumni networking, career services, events, and publications. It targets alumni, students, recruiters, and partners, positioning itself as a key community hub for the institution's graduates. The site is professionally designed with consistent branding and good content relevance, supporting a medium-sized organization in the education sector. Technically, the website uses a traditional LAMP stack with Apache and PHP, enhanced by modern JavaScript libraries such as jQuery, Bootstrap, and TinyMCE. The site is mobile-optimized and includes accessibility and SEO best practices, although performance is moderate. Hosting appears to be on a standard provider with no advanced CDN or cloud infrastructure detected. From a security perspective, the site implements several important HTTP security headers and a comprehensive Content Security Policy. However, it lacks a valid SSL certificate and proper TLS configuration, which is a critical vulnerability impacting user trust and data security. Cookie consent and privacy policies are implemented, indicating good privacy compliance, but no explicit security policy or incident response information is available. Overall, the site is functional and professional but requires urgent improvements in SSL/TLS deployment and security posture to protect user data and maintain trust. Strategic enhancements in incident response and vulnerability disclosure policies would further strengthen its security maturity.

L

Le Club des Clubs Immobiliers

leclubdesclubsimmobiliers.org

53

Le Club des Clubs Immobiliers is a French non-profit association that unites over 10,000 real estate professionals from 27 alumni clubs of prestigious French schools and universities. The association organizes annual study trips, conferences, roundtables, and networking events to foster knowledge sharing and professional connections in the real estate sector. The website serves as an informational and event platform for its members and partners. Technically, the site is built on the AssoConnect platform, utilizing common JavaScript libraries and external CDNs. However, the site suffers from a lack of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts its security posture. Cookie consent is properly implemented via Axeptio, and analytics are managed through Google Analytics and RudderStack with user consent. Overall, the site provides good content and user experience but requires urgent security improvements to protect user data and enhance trust.

E

EURECOM

eurecom.fr

40

EURECOM is a reputable graduate school and research center specializing in digital science, located in Sophia Antipolis, France. It offers advanced education and research programs in computer science, telecommunications, and digital security, targeting students, researchers, and industry partners. The institution holds recognized certifications such as the 4DIGITAL label and European Heritage Award, positioning it as a key player in digital education and research in Europe. Technically, the website is built on Drupal 9 with modern frontend libraries and integrates Google Tag Manager for analytics. However, the site suffers from a lack of HTTPS support due to an invalid or missing SSL certificate, which significantly impacts its security posture. The cookie consent mechanism is implemented, but no explicit privacy policy or terms of service pages are found on the homepage. Contact information is limited to a physical address and phone number, with no verified company emails available. Overall, the website presents professional content and good user experience but requires urgent security improvements to protect user data and enhance trust.

X

XMP-Consult

xmp-consult.org

40

XMP-Consult operates as a network of independent consultants primarily serving French-speaking business leaders and members seeking consulting services. The website provides a membership platform, events calendar, publications, and a newsletter to engage its community. The business model focuses on connecting consultants with clients and fostering professional development through events and shared resources. Technically, the site is hosted on OVH with Apache server, uses a variety of JavaScript libraries including jQuery, Bootstrap, and TinyMCE, and employs a CMS likely based on NetAssoc. While the site is content-rich and well-structured with good mobile optimization, performance is slow and SEO is basic. Security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocols, despite good security headers and cookie consent mechanisms. Privacy compliance is strong with GDPR-aligned cookie policies and consent banners. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

I

iliad

iliad.it

40

Iliad Italia S.p.A. is a major telecommunications provider in Italy offering mobile telephony services including 4G and 5G, fiber internet via FTTH technology, and smartphone sales both new and refurbished. The company positions itself as a competitive and transparent operator with no hidden costs, targeting both private consumers and businesses. The website reflects a mature digital presence with comprehensive service offerings and clear customer support channels. Technically, the site uses modern JavaScript libraries and responsive design to ensure good user experience across devices. However, a critical security gap is the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture and trustworthiness of the site. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, Iliad's website is professional and content-rich but requires urgent security improvements to protect user data and maintain trust.