High-risk security reports

umdasch Store Makers Management GmbH is a large, internationally operating company specializing in shopfitting and retail solutions, including consulting, project management, general contracting, and digital retail integration. The company is part of the Umdasch Group AG and serves retail businesses with comprehensive store design and implementation services. Their website reflects a professional and consistent brand presence with multilingual support and active social media engagement. Technically, the website uses Apache server technology with common JavaScript libraries for UI components but lacks a modern CMS indication. Hosting is managed via Azure DNS. Performance metrics are not provided but inferred as slow due to zero load time data. Security posture is weak due to the absence of a valid SSL certificate and disabled TLS protocols, which critically impacts secure communications. Privacy compliance is addressed with a comprehensive GDPR policy and cookie consent mechanism, though no explicit security policy or incident response contacts are found. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

RUD Gruppe is a well-established German manufacturing company specializing in chain systems and components for diverse industrial applications including lifting, securing, and transportation. With a history spanning approximately 140 years, the company operates globally and offers a broad product portfolio including lifting chains, securing devices, conveyor and drive technology, and specialized military and forestry chains. The website reflects a mature digital presence with multilingual support and structured navigation, powered by TYPO3 CMS and enhanced with caching and Google Tag Manager for analytics. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS configuration, exposing users to potential risks. Privacy policies and terms of service are present and comprehensive, supporting GDPR compliance, though cookie consent mechanisms are lacking. Social media integration is robust, enhancing brand trust and engagement.

Stepan Company operates as a global specialty and intermediate chemical supplier, providing chemical ingredients and formulations tailored to consumer and industrial markets. The company emphasizes innovation, sustainability, and extensive R&D capabilities, positioning itself as a large, reputable player in the manufacturing sector. Their website reflects a professional and comprehensive digital presence with clear navigation and rich content targeting B2B customers seeking chemical solutions. Technically, the website leverages Adobe Experience Manager as its CMS, integrates Salesforce platforms, and uses modern marketing and analytics tools such as Pardot, Adobe DTM, and Google Tag Manager. The site is hosted on Microsoft Azure DNS infrastructure and employs standard security headers and content security policies. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the site's security posture. From a security perspective, while some best practices like CSP and secure cookies are implemented, the lack of HTTPS and modern TLS protocols exposes the site to risks and undermines user trust. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is primarily available via web forms, with no direct emails or phone numbers published. Overall, the site is trustworthy and professionally managed but requires urgent remediation of its SSL/TLS configuration to meet modern security standards and improve user confidence.

fab it Consulting GmbH is a small German company specializing in IT consulting and software development services tailored for the financial industry. Established in 1995, the company focuses on delivering market-oriented software solutions, particularly in interface and API development for front-, middle-, and back-office financial systems. Their target audience includes banks, insurance companies, investment firms, and financial departments of large industrial enterprises. The website content is professional and relevant, reflecting a niche market position with a clear business model centered on B2B IT services in finance. Technically, the website uses an older technology stack including Apache server, Bootstrap 3, and jQuery 3.1.1. The site lacks modern performance optimizations and accessibility features, and the absence of HTTPS severely impacts security and trust. The website is accessible without WAF or blocking mechanisms, but it lacks critical security configurations such as SSL/TLS, HSTS, and security headers. There is no evidence of privacy or cookie policies, GDPR compliance indicators, or contact emails and phone numbers, limiting user trust and regulatory compliance. From a security perspective, the site is at high risk due to the lack of HTTPS and modern security headers. DNS records show no DNSSEC or CAA records, and the SSL certificate is invalid or missing. No incident response or security policies are published. The WHOIS data aligns well with the business claims, showing consistent registration and legitimacy. Overall, the website scores low on security and privacy compliance, moderate on business credibility, and good on content quality. Strategic recommendations include immediate implementation of HTTPS with a valid certificate, addition of security headers, publication of privacy and cookie policies to meet GDPR requirements, and enhancement of contact information transparency. These steps will improve trust, security posture, and regulatory compliance, supporting the company’s professional image and business growth.

R

R-Tech Dental

rtechdental.com

39

R-Tech Dental is a small, regionally focused dental equipment repair and sales company based in Minnesota, established in 1985. The company offers a range of services including equipment repair, chair re-upholstery, handpiece repair, consultation, and maintenance training, targeting dental professionals and offices primarily in Minnesota. Their website is built on HubSpot CMS using Bootstrap and jQuery, providing a professional and well-structured user experience with clear navigation and relevant content. However, the site lacks a valid SSL certificate, which significantly impacts its security posture. While basic security headers are present, modern TLS protocols and advanced DNS security features are missing. Privacy compliance is minimal, with no cookie consent mechanism and limited GDPR indicators. Contact information is clearly provided, and trust signals such as testimonials and a published founder article enhance credibility. Overall, the website demonstrates good business credibility and content quality but requires urgent improvements in security and privacy compliance to reduce risk and enhance user trust.

S

Sovos Compliance, LLC

tocbiometrics.com

40

Sovos LATAM is a regional branch of Sovos Compliance, LLC, specializing in trust services that secure digital transactions, identity verification, and document management primarily for Latin American markets. The website presents a professional and comprehensive overview of their offerings, targeting businesses seeking compliance and digital trust solutions. Technically, the site is built on WordPress with Elementor and integrates multiple marketing and analytics tools, hosted on Pagely-ARES. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS, significantly impacting the security posture. While security headers are well configured, the lack of encryption exposes users to risks. Privacy compliance is supported by a comprehensive privacy policy, but no cookie consent mechanism is detected despite tracking scripts. Overall, the site is trustworthy and professionally maintained but urgently needs to address SSL/TLS to ensure secure communications.

The website visit-ucds.de is currently inaccessible beyond a Cloudflare security challenge page, which blocks access to any substantive content. This prevents a full assessment of the business, its services, or compliance posture. The domain is registered and uses Cloudflare for protection, but the SSL certificate is invalid or missing, resulting in no HTTPS support. The site lacks any visible privacy, cookie, or terms of service policies, and no contact information or business details are provided. Technically, the site uses Cloudflare's security and analytics services but fails to deliver meaningful content or user experience. Security headers are well configured, but the absence of valid SSL is a critical vulnerability. Overall, the site scores very low on content quality, privacy compliance, and business credibility due to the blocking and lack of information.

R

Red On line (COM)

gutwinski.at

32

Red-on-line is a well-established provider of integrated EHS (Environment, Health, and Safety) management solutions, combining software, consulting, and legal content to support corporate compliance and sustainability efforts. The company serves a broad international clientele, with over 2000 companies across more than 85 countries, positioning itself as a leader in the HSE software and consulting market. Their business model focuses on SaaS delivery complemented by expert consulting services, targeting medium to large enterprises with complex compliance needs. Technically, the website is built on WordPress with modern SEO and performance optimizations, including caching and monitoring tools like WP Rocket and New Relic. The presence of a GDPR-compliant consent management platform (Didomi) indicates a mature approach to privacy compliance. Security posture is basic but adequate, with HSTS enabled but lacking a valid SSL certificate on the analyzed domain, which may be a legacy or redirect domain. Overall, the site demonstrates professionalism and trustworthiness, though improvements in SSL configuration and additional security headers are recommended.

A

amazee.io

amazee.com

40

amazee.io is a managed open source enterprise hosting platform provider targeting large enterprises with a focus on data sovereignty, flexibility, and security. The company offers a fully managed PaaS leveraging Kubernetes and modern infrastructure, aiming to reduce time-to-market and increase ROI for its customers. The platform supports a wide range of frameworks and technologies, including Drupal, Gatsby, React, and more. Technically, the website is built using modern technologies such as React and Gatsby, with integrations for analytics and marketing tools like Google Tag Manager and HubSpot. The security posture is moderate, with essential security headers in place but lacking a valid SSL certificate and modern TLS support, which are critical for secure communications. Privacy compliance is strong, with clear privacy and cookie policies and GDPR considerations. Overall, the website presents a professional and trustworthy image, supported by certifications like ISO 27001 and SOC_NonCPA, and a parent company relationship with Mirantis.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 7 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

S

SW Umwelttechnik Stoiser & Wolschner AG

sw-umwelttechnik.com

34

SW Umwelttechnik Stoiser & Wolschner AG is a well-established manufacturer specializing in precast concrete products for infrastructure development, including civil engineering, traffic, and building sectors. The company operates across multiple Central and Eastern European countries with subsidiaries in Austria, Hungary, Romania, and Slovakia, positioning itself as a regional leader in sustainable construction materials. Their website reflects a professional and comprehensive digital presence, targeting infrastructure developers and construction companies. Technically, the site is built on TYPO3 CMS with PHP 8.1 and Bootstrap, offering good mobile optimization and accessibility, though performance is moderate due to lack of SSL and modern protocols. Security posture is weak, with no HTTPS enabled and missing critical SSL configurations, exposing the site to risks. Privacy compliance is strong, with clear cookie consent mechanisms and GDPR-aligned policies. Overall, the business credibility is high, supported by detailed contact information, investor relations, and trust signals such as LinkedIn presence. Strategic improvements in security infrastructure are recommended to enhance trust and protect user data.

E

ELIX Polymers, S.L.U.

elix-polymers.com

40

ELIX Polymers, a member of Sinochem International, is a leading European manufacturer of ABS resins and derivatives, serving diverse industrial sectors including automotive, healthcare, and consumer goods. The company emphasizes innovation, sustainability, and customer service, operating globally with business relations in 40 countries. Their website reflects a professional and comprehensive digital presence with detailed corporate, product, and sustainability information. Technically, the site uses modern frameworks like Bootstrap and jQuery, hosted behind Cloudflare, but suffers from a critical lack of a valid SSL certificate and modern TLS support, which significantly impacts security posture. Privacy and cookie policies are well implemented with GDPR compliance and active consent mechanisms. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and enhance trust.

T

Tech Gate Vienna

techgate.at

36

Tech Gate Vienna operates as a real estate business specializing in leasing office spaces and event rooms primarily targeting professionals, experts, and investors in Austria. The website content is in German and reflects a medium-sized business with a clear affiliation to STRABAG SE, a large construction and real estate group, as indicated by DNS and CDN usage. The technical infrastructure relies on legacy Lotus Domino servers with modern frontend libraries like jQuery and Bootstrap. However, the site lacks HTTPS, which is a critical security vulnerability. Cookie consent is implemented via OneTrust, showing GDPR compliance awareness. The absence of visible contact emails and phone numbers on the homepage limits direct user engagement. Overall, the website is professionally designed but technically outdated and insecure.

The website starragheckert.com is currently a parked domain page with no active business content or services. It primarily serves as a domain-for-sale landing page with advertising scripts and minimal textual content. The technical infrastructure is basic, hosted on Hetzner Online with a Caddy server, but lacks HTTPS and modern security configurations. The site uses third-party ad networks such as Google Adsense Domains CAF and AdsDeli for monetization. Security posture is weak due to the absence of SSL/TLS, security headers, and compliance policies. Overall, the site presents a low trust profile and minimal business credibility.

B

BFW

bfwindia.com

33

BFW is a well-established Indian machine tool manufacturer with a history dating back to 1961. The company specializes in high-precision machinery and custom manufacturing solutions, serving industries such as automotive, aerospace, electronics, and agriculture. Their website reflects a mature digital presence built on WordPress with Elementor and related plugins, offering rich content including product details, case studies, blogs, and event information. However, the site lacks a valid SSL certificate, which is a critical security gap. Contact information is comprehensive, including email, phone, and social media channels, but privacy and cookie policies are absent, indicating compliance gaps. Overall, BFW demonstrates strong business credibility and branding consistency but needs to improve its security posture and privacy compliance to meet modern standards.

I

i5invest corporate development

i5invest.com

36

i5invest corporate development is a medium-sized corporate development firm based in Austria, specializing in supporting innovative tech founders with strategy, business development, M&A, and capital provision. The company boasts a strong market position with over 250 transactions closed and a large executive network spanning multiple continents. Their business model focuses on long-term partnerships with tech scale-ups and providing hands-on support across capital, growth, and M&A processes. Technically, the website is built on WordPress with Elementor and integrates modern marketing and analytics tools such as Google Analytics and Tag Manager. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocols, which poses a critical risk. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

U

Unverschwendet

unverschwendet.at

29

Unverschwendet is a small Austrian retail business specializing in transforming surplus fruits and vegetables into high-quality, sustainable food products such as jams, syrups, chutneys, and more. The company operates an e-commerce platform alongside physical market stands and partnerships with retail chains like HOFER under the 'Rettenswert' brand. Their business model focuses on sustainability and social responsibility, targeting environmentally conscious consumers and businesses seeking unique, sustainable gifts. Technically, the website is built on the Shopware platform, leveraging modern marketing and analytics tools including Google Tag Manager, Facebook Pixel, and Hotjar. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, exposing users to insecure HTTP connections. Despite this, the site implements strong security headers and cookie consent mechanisms, demonstrating good privacy compliance. The domain registration is consistent and legitimate, supporting the business's credibility. Strategic improvements in security infrastructure are recommended to enhance user trust and compliance.

Wolters Kluwer Financial and Corporate Compliance is a division of Wolters Kluwer N.V., a global leader providing technology-enabled compliance, regulatory, and corporate services solutions primarily targeting financial institutions, corporations, and legal professionals. The website presents a professional, well-branded digital presence with comprehensive content describing their portfolio of compliance and regulatory products and services. The technical infrastructure leverages modern web technologies, including Cloudflare CDN, Azure DNS, and marketing/analytics tools such as Google Tag Manager, Marketo, and OneTrust for privacy compliance. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and lack of enabled TLS protocols, which severely impacts the security posture and trustworthiness of the site. Privacy and cookie policies are well implemented with consent mechanisms, but no explicit security or incident response policies are published. Overall, the site reflects a mature enterprise business with strong branding and content quality but requires urgent remediation of its SSL/TLS configuration to meet security best practices.

A

Are you human? | Norwegian

norwegian.com

30

The norwegian.com website is currently inaccessible to general users due to a Cloudflare Web Application Firewall (WAF) security challenge page that requires human verification. This prevents access to the actual website content, resulting in minimal visible information. The domain is registered and uses Cloudflare for DNS and protection, with Microsoft Outlook handling email services. However, the SSL certificate is invalid or missing, and no HTTPS is enabled, which is a critical security flaw. No privacy, cookie, or terms of service policies are found on the challenge page, nor is any contact or business information exposed. The technical infrastructure relies on Cloudflare's security and CDN services, but the lack of valid SSL and the blocking challenge significantly reduce the website's accessibility and trustworthiness.

C

Coleago Consulting

coleago.com

38

Coleago Consulting is a specialized telecommunications consulting and training firm offering expert services primarily to operators, regulators, digital service providers, and investors in the telecom sector. The company emphasizes experience-based consulting with partner-level consultants having over 20 years of industry experience. Their service portfolio includes spectrum valuation, auction strategy, regulatory advice, business planning, transaction services, and professional training. The website presents a professional and content-rich experience with clear navigation and strong branding consistency. Technically, the site is built on WordPress and uses Cloudflare for hosting and CDN services, with Google Analytics integrated for visitor tracking. However, the website lacks a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Cookie consent mechanisms are implemented and GDPR compliant, but no terms of service or explicit security policies are found. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and enhance trust.

Maillis Group is a well-established manufacturing company specializing in secondary packaging systems, including strapping, wrapping, and box handling solutions. With over 50 years of experience, the company serves industrial and manufacturing sectors, providing integrated packaging machines, consumables, and services. The website reflects a professional and consistent brand presence targeting industrial clients. Technically, the site is built on Drupal 8 with PHP 7.2 backend and hosted likely on AWS infrastructure. It employs modern tracking and marketing tools such as Google Analytics, Google Tag Manager, and Albacross, alongside a comprehensive cookie consent mechanism. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture, exposing users to risks and reducing trust. Security headers are well implemented but weakened by unsafe CSP directives. The domain registration data aligns well with the business claims, indicating legitimacy and consistency. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

Eviso Austria GmbH is a small marketing agency based in Vienna, Austria, operating since 2010. It functions as part of Canal+ Luxembourg S. à r.l, focusing on marketing and brand support for satellite television services, particularly the HD Austria® brand. The company targets consumers and business customers interested in satellite TV in Austria. The website content is minimal but provides essential business information and contact details. Technically, the website runs on Microsoft IIS 7.0 with ASP.NET and uses older JavaScript libraries. The site lacks HTTPS, modern security headers, and cookie consent mechanisms, indicating a low security posture. No forms or tracking scripts are present, reducing privacy risks but also limiting user engagement and analytics capabilities. Overall, the site is functional but outdated and insecure, requiring significant improvements in security and privacy compliance to meet modern standards.

F

fischerskis.com

fischerskis.com

40

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 9 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

S

Sweco

swecogroup.com

28

Sweco is a leading European architecture and engineering consultancy specializing in sustainable urban development, infrastructure, energy, and water solutions. With a workforce of 22,000 experts, the company serves a broad client base including public and private sectors, emphasizing sustainability and innovation. The website reflects a mature digital presence with comprehensive content, investor relations, and sustainability reporting. Technically, the site is built on WordPress with modern plugins and scripts, but suffers from a critical security flaw due to the absence of a valid SSL certificate and lack of HTTPS enforcement, which undermines user trust and security. Privacy compliance is well addressed with clear cookie consent mechanisms and GDPR-aligned policies. Overall, Sweco's digital footprint is professional and content-rich but requires urgent remediation of its SSL/TLS configuration to meet security best practices.

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 29 security findings identified across all modules.

T

TCG Lifesciences Pvt. Limited

tcgls.com

40

TCG Lifesciences Pvt. Limited is a well-established global Contract Research and CDMO company specializing in pharmaceutical and biotech R&D services. Founded in 2001 and headquartered in India, the company operates internationally with subsidiaries such as Clininvent Research Pvt. Ltd. Their service portfolio includes chemistry synthesis, pharmacology, DMPK, analytical development, and manufacturing. The website reflects a mature digital presence built on WordPress with modern UI frameworks and SEO optimizations. However, the absence of a valid SSL/TLS certificate is a critical security gap that undermines user trust and data protection. While security headers are present, the lack of HTTPS and modern TLS protocols significantly reduces the security posture. Privacy compliance is partially addressed with a privacy policy but lacks cookie consent mechanisms and terms of service. Overall, the business credibility is strong, supported by certifications and social proof, but technical and security improvements are necessary to align with best practices.

E

EnliteAI GmbH

enlite.ai

40

EnliteAI GmbH is a specialized technology provider focused on Artificial Intelligence solutions, particularly in Reinforcement Learning, Computer Vision, and Power Grid Optimization. The company offers open-source frameworks like Maze and commercial platforms such as Detekt, targeting organizations seeking advanced AI integration. Their client portfolio includes notable enterprises, and recent seed funding supports their growth trajectory. Technically, the website is built on Webflow with modern analytics and consent tools, but lacks a valid SSL certificate, which impacts security posture. Security headers are partially implemented, and forms use Google reCAPTCHA for bot protection. Overall, the site is professional and content-rich but requires urgent SSL deployment to secure communications. Privacy compliance is addressed with cookie consent and policies, though no explicit security or incident response policies are published. Strategic recommendations include immediate SSL installation, enhanced security policy publication, and continuous privacy compliance improvements.

Y

YUMMY Publishing GmbH

yummy.digital

35

YUMMY Publishing GmbH operates the digital publishing platform Yumpu.com, providing tools for converting documents into online magazines with a global user base. The company targets publishers and businesses seeking innovative digital publishing solutions, leveraging cloud hosting and advanced rendering technologies. The website presents a professional brand image with notable client logos and a clear business focus on digital content publishing. Technically, the site uses SilverStripe CMS and common frontend libraries but lacks HTTPS, which is a critical security gap. The absence of SSL/TLS and security headers exposes the site to risks and undermines user trust. Privacy compliance is minimal, with no cookie consent mechanism detected and only a basic privacy policy available. Overall, the site is functional and informative but requires urgent security improvements to meet modern standards.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

S

Specialised Dispute Management Pty Ltd

sdmlegal.com

33

Specialised Dispute Management Pty Ltd is a small Australian legal services provider specializing in on-demand legal expertise and specialist litigation support, including employment law advisory services. The company targets businesses and law firms seeking pragmatic and commercial legal solutions. The website is built on the Squarespace platform, featuring professional design and clear navigation, but lacks advanced SEO and accessibility features. Security posture is weak due to the absence of a valid SSL certificate, disabled HSTS, and minimal security headers, exposing the site to potential risks. Privacy compliance is poor with no privacy or cookie policies present. Overall, the site demonstrates moderate business credibility with professional content and contact information but requires significant security improvements.

C

Cook Medical

cookmedical.com

40

Cook Medical is a family-owned healthcare company specializing in the development and manufacturing of minimally invasive medical devices. The company targets physicians, healthcare professionals, and patients globally, offering a broad portfolio of products and services including customer support, education, and innovation collaboration. The website reflects a well-established business with consistent branding and a professional online presence. Technically, the site is built on WordPress with modern technologies such as PHP 8, jQuery, and integrates third-party services like Google Tag Manager and Cookiebot for analytics and consent management. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and HTTPS support, which significantly undermines the site's security posture despite the presence of strong security headers. Privacy and cookie policies are comprehensive and GDPR compliant, and contact information is clearly provided, enhancing trust and compliance. Overall, the site demonstrates good content quality and business credibility but requires urgent security improvements to protect user data and maintain trust.

G

Global Voices

globalvoices.org

31

Global Voices is a reputable international non-profit media organization founded in 2005, focusing on multilingual journalism, digital rights, and human rights advocacy. The website serves a global audience with rich, regularly updated content and a strong contributor network. Technically, the site is built on WordPress with modern JavaScript libraries and integrates analytics and marketing tools such as Google Tag Manager, Plausible Analytics, and Mailchimp. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security gap. Privacy compliance is moderate, with a comprehensive privacy policy but no cookie consent mechanism detected. Overall, the website demonstrates excellent content quality and business credibility but requires urgent security improvements to protect user data and enhance trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

K

KAEFER SE & Co. KG

kaefer.com

25

KAEFER SE & Co. KG is a global industrial services company specializing in technical services such as insulation, access solutions, surface protection, fire protection, and electrical/mechanical services. With over 33,000 employees and a presence in more than 150 cities across approximately 30 countries, KAEFER positions itself as a reliable partner for industrial plants, ships, and buildings worldwide. The website reflects a mature business with comprehensive service offerings and a strong emphasis on sustainability and innovation. Technically, the website is built on WordPress with a modern tech stack including Yoast SEO, WP Rocket, and Slider Revolution, providing a good user experience and SEO optimization. However, performance is moderate and accessibility is basic. Mobile optimization is good, and the site uses cookie consent management to comply with GDPR. From a security perspective, the site has implemented several important HTTP security headers and uses secure cookies. However, a critical issue is the absence of a valid SSL certificate and the lack of enabled TLS protocols, which severely impacts the security posture and user trust. This is a significant vulnerability that should be addressed immediately. Overall, the website is professional and trustworthy in content and business representation but requires urgent improvements in SSL/TLS configuration to ensure secure communications and protect user data.

A

Aura Light International AB

auralight.com

40

Aura Light International AB is a well-established company specializing in sustainable and energy-efficient lighting solutions for professional environments such as public spaces, industry, and retail. The company offers a broad range of products including luminaires, light sources, and smart lighting control systems, positioning itself as a leading player in the Nordic and international markets. The website reflects a professional B2B business model with clear product segmentation and customer engagement channels. Technically, the website is built on the Litium e-commerce platform with integrations such as Google Tag Manager and Cookiebot for analytics and privacy compliance. The site is well-structured, mobile-optimized, and SEO-friendly, although performance metrics are not available. Hosting appears to be via Fastly CDN with Varnish caching. From a security perspective, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical vulnerability impacting user trust and data security. Security headers are partially implemented, but modern TLS protocols are disabled. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Contact information is readily available, but no explicit security policy or incident response details are found. Overall, Aura Light's website demonstrates solid business credibility and content quality but requires urgent improvements in SSL/TLS configuration to enhance security posture and user trust. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, and publishing incident response contacts to strengthen security transparency.

The website at cbre.at is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) challenge page, which prevents direct access to any meaningful content. This limits the ability to analyze the business, technical infrastructure, and security posture in detail. The domain is registered and active with consistent DNS records but lacks DNSSEC and CAA records. The SSL/TLS configuration is critically lacking, with no valid certificate and no HTTPS support, which poses a significant security risk. Security headers are present but cannot compensate for the absence of HTTPS. No privacy, cookie, or terms of service policies are detectable, nor is any contact or business information available. Overall, the site appears to be protected by Cloudflare but is not currently serving accessible content, resulting in a low trust and quality score.

L

Leifheit

leifheit.com

38

Leifheit is a well-established German retail company specializing in household and kitchen products, with a strong brand presence and a history of over 65 years. The website serves as an e-commerce platform built on Shopware 6, offering a wide range of products including cleaning tools, laundry drying solutions, and kitchen utensils. The site is professionally designed with good navigation, mobile optimization, and rich multimedia content, targeting household consumers seeking quality products. Technically, the site uses modern JavaScript libraries and integrates marketing and analytics tools such as Bazaarvoice, Klaviyo, and Google Tag Manager. However, a critical security gap exists as the website currently lacks a valid SSL/TLS certificate and does not enforce HTTPS, exposing users to potential risks. Security headers are partially implemented, but the absence of HTTPS severely impacts the overall security posture. Privacy and cookie policies are present and include consent mechanisms, indicating compliance with GDPR requirements. Contact information is available via a contact page, though no explicit emails or phone numbers are embedded in the HTML content. The domain registration and DNS records are consistent with the company's German origin and business claims, supporting legitimacy. Strategic recommendations include immediate implementation of HTTPS, enhancement of security policies, and improved incident response readiness to strengthen trust and compliance.

A

Ansorg GmbH

ansorg.com

31

Ansorg GmbH is a German-based expert company specializing in retail lighting solutions, offering innovative products, lighting planning, and sustainable concepts tailored for retail environments. The company operates under the parent company Trilux and targets retail businesses and professionals seeking high-quality lighting solutions. The website is built on TYPO3 CMS, uses Matomo for analytics, and integrates cookie consent mechanisms, reflecting a modern digital infrastructure. However, the lack of a valid SSL certificate and HTTPS implementation significantly weakens the security posture. Security headers are well configured, but the absence of TLS protocols and certificate transparency compliance are critical gaps. Overall, the website is professional, content-rich, and trustworthy but requires urgent SSL/TLS remediation to ensure secure communications and improve trust.

B

Blackburne & Sons Realty Capital Corporation

blackburneandsons.com

39

Blackburne & Sons Realty Capital Corporation is a specialized hard money commercial lending company founded in 1980, managing approximately $50 million in trust deed investments. The company targets accredited investors seeking first mortgage loans secured by income-producing commercial real estate. Their business model focuses on syndicating private investors to fund commercial loans, leveraging their ownership of C-Loans.com to source loan applications. The website presents a professional and consistent brand image with clear service offerings and multiple contact channels. Technically, the site is built on WordPress hosted by WP Engine, using common plugins such as Yoast SEO and Ninja Forms, but lacks a valid SSL certificate and HTTPS support, which is a critical security deficiency. The security posture is weak due to missing HTTPS and security headers, though no active vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism. Overall, the site is functional and credible but requires urgent security improvements to protect user data and build trust.

J

John Cabot University

johncabot.edu

40

John Cabot University is an established American liberal arts university located in Rome, Italy, offering undergraduate and graduate degree programs along with study abroad opportunities. The website effectively targets prospective students, alumni, and academic professionals with comprehensive academic information, events, and community engagement content. The university maintains a consistent brand presence and trust indicators such as accreditation and testimonials. Technically, the site is built on ASP.NET with modern front-end libraries like jQuery and Bootstrap, hosted behind Cloudflare, and uses OmniUpdate CMS. However, performance metrics are missing, and the site lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. The site integrates marketing and analytics tools such as Google Analytics and HubSpot forms, indicating a mature digital marketing approach. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

I

Intermarket Bank AG

intermarket.at

36

Intermarket Bank AG is a specialized financial institution under the Erste Group umbrella, focusing on factoring and supply-chain finance solutions primarily for small to medium enterprises in Austria and the CEE region. The website presents a professional and consistent brand image with clear product offerings and a user-friendly interface. Technically, the site uses a proprietary CMS (GEM) and is hosted on AWS CloudFront, leveraging modern marketing and analytics tools such as Google Tag Manager and LinkedIn Insight Tag. However, a critical security weakness is the absence of a valid SSL certificate, resulting in no HTTPS availability, which severely impacts the site's security posture. Privacy and cookie policies are comprehensive and GDPR compliant, and contact is primarily facilitated through a contact form. Overall, the site is credible and well-positioned in its market but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

The website dotzauer.com is currently inaccessible due to an HTTP 403 Forbidden response indicating that the site has been blocked by the hosting provider or a web application firewall (WAF). As a result, no content, metadata, or business information is available for analysis. The domain is registered and DNS records are properly configured, including valid A, AAAA, and MX records, but the site lacks a valid SSL certificate and HTTPS support, which is a critical security deficiency. Hosting is provided by world4you.at, and the server runs nginx. Due to the blocked content and lack of SSL, the overall security posture and technical maturity are very low. No privacy, cookie, or terms of service policies are present, and no contact or business details are exposed on the site. This severely limits the ability to assess business credibility or compliance.

Z

Zell Materials GmbH

zellamid.com

33

Zell Materials GmbH is a medium-sized manufacturing company specializing in engineering plastics, offering a range of products including general purpose materials, special performance materials, and high performance materials. The company operates primarily in the manufacturing sector and serves industrial and engineering clients. Their website provides product finders, material comparison tools, and a B2B webshop, indicating a mature digital presence tailored to professional customers. Technically, the website uses Apache server technology, ezPublish CMS, and includes JavaScript libraries such as jQuery and YUI. However, the absence of SSL/TLS encryption and DNS records significantly undermines the security posture and operational reliability of the domain. The site includes comprehensive privacy and cookie policies with consent mechanisms, reflecting good privacy compliance practices. Security headers are minimal, and no explicit security or incident response policies are published. Overall, the website is professionally designed with consistent branding but requires urgent security improvements to protect users and enhance trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 10 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

S

SupplyTECH

supplytech.fr

32

SupplyTECH operates as a small French consulting and outsourced quality service provider specializing in regulatory and standardization compliance for Import/Export businesses. The website content is minimal and primarily serves as an informational landing page directing users to a parent company site for contact. Technically, the site runs on Apache with basic front-end technologies and includes Google Analytics for visitor tracking. However, the absence of HTTPS and a valid SSL certificate severely undermines the security posture, exposing users to potential data interception risks. The lack of privacy and cookie policies further indicates non-compliance with GDPR requirements. Overall, the site demonstrates a low level of digital maturity and security readiness, which could impact user trust and regulatory compliance.

A

Agfa-Gevaert Group

agfa.com

40

Agfa-Gevaert Group is a well-established global technology company specializing in imaging, healthcare IT, industrial specialty products, and green hydrogen solutions. The corporate website provides comprehensive information about its business units, investor relations, sustainability efforts, and contact points. The site is built on WordPress using the Avada theme, demonstrating a modern and professional digital presence with good mobile optimization and accessibility. However, the security posture is weakened by an invalid SSL certificate and lack of proper TLS protocol support, which poses a significant risk to user trust and data security. The company has implemented a detailed cookie consent mechanism and maintains a comprehensive privacy policy, indicating strong privacy compliance. Overall, the website reflects a mature enterprise with a solid business model but requires urgent improvements in its security infrastructure to align with best practices.

BFI Oberösterreich is a leading adult education provider in Upper Austria offering a wide range of vocational training, adult education courses, and customized corporate training programs. The website is built on TYPO3 CMS and incorporates modern frontend technologies such as jQuery and Bootstrap, providing a professional and accessible user experience. The business targets both private individuals and companies, emphasizing lifelong learning and workforce development. The site includes comprehensive course catalogs, contact information, and trust signals such as certifications and partnerships with official bodies. From a technical perspective, the website demonstrates good content quality, SEO, and accessibility, but suffers from critical security shortcomings due to the absence of a valid SSL certificate and HTTPS support. Security headers are partially implemented, but the lack of TLS protocols and HSTS reduces the overall security posture significantly. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is professional and credible but requires urgent improvements in SSL/TLS configuration to ensure secure communications and protect user data. Addressing these security gaps will enhance trust and compliance with modern web security standards.

P

Permapack AG

permapack.ch

26

Permapack AG is a Swiss family-owned manufacturing and trading company specializing in high-quality products such as labels, adhesive tapes, films, sealants, and garden articles. The company serves various sectors including food, cosmetics, industry, construction, and retail, offering both standard products and customized solutions. Their business model combines B2B sales with an online shop and extensive production services. The website reflects a medium-sized enterprise with a consistent brand presence and strong trust indicators such as awards and social media engagement. Technically, the site uses a custom e-commerce platform with modern JavaScript libraries and tracking tools, hosted by IP-Plus AG. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, exposing users to risks and limiting secure communications. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. Overall, the site is professional and trustworthy but requires urgent security improvements.