High-risk security reports

W

WunderLand Group

wunderlandgroup.com

37

WunderLand Group is a mature, medium-sized staffing solutions firm specializing in digital, creative, and marketing workforce services. The company offers a broad range of expertise including UX design, content editing, front-end development, and project management. Their market position is supported by strong client and consultant testimonials and industry awards such as the Best of Staffing®. Technically, the website is built on WordPress with Elementor and uses a variety of modern JavaScript libraries and marketing tools, hosted on WP Engine with Cloudflare CDN. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture, exposing users to risks and undermining trust. Privacy compliance is partially addressed with a cookie consent mechanism, but GDPR compliance is not clearly demonstrated. Overall, the business credibility is solid, but the security weaknesses require urgent remediation.

C

CRIF Österreich

crif.at

40

CRIF Österreich operates as a leading provider of credit and risk management solutions, serving both businesses and private individuals primarily in Austria but also internationally. The company offers a broad portfolio including creditworthiness assessments, compliance, ESG risk management, identity management, and marketing services. The website reflects a mature enterprise with consistent branding and comprehensive content tailored to its target audience. Technically, the site uses modern JavaScript libraries and frameworks such as jQuery, Bootstrap, and Swiper.js, alongside Matomo analytics and Usercentrics for consent management. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, severely impacting the security posture. Privacy and cookie policies are well implemented, indicating good GDPR compliance. Overall, the site is professional and trustworthy but requires urgent security improvements.

Wind Tre S.p.A. is a major Italian telecommunications operator offering a comprehensive range of services including mobile telephony, fiber and fixed internet, energy supply, and insurance products. The company targets both private consumers and business customers in Italy, positioning itself as a one-stop provider for connectivity, energy, and insurance needs. The website reflects a mature, well-established enterprise with a strong brand presence and extensive service offerings. Technically, the site is built on Adobe Experience Manager with integrations of Adobe Target and Google Tag Manager for marketing and analytics. However, the main domain lacks a valid SSL/TLS certificate and does not support HTTPS, which is a significant security concern. The site includes comprehensive legal, privacy, and cookie policies, demonstrating good privacy compliance and transparency. Contact information is clearly provided, including verified company emails, phone numbers, and social media channels. Overall, the security posture is basic due to missing HTTPS and related configurations, but the business credibility and content quality are high.

The website allianz.co.uk is currently inaccessible due to a Cloudflare security challenge page that requires JavaScript and cookies to proceed. This prevents access to any substantive content, including business descriptions, contact information, or policy documents. The domain is mature, registered since 1999, and associated with a reputable registrar, indicating legitimacy. However, the lack of a valid SSL certificate and HTTPS support is a critical security flaw. The presence of multiple security headers is positive but overshadowed by the SSL misconfiguration. Overall, the site’s digital maturity and security posture cannot be fully assessed due to access restrictions, resulting in a low AI score and limited insights.

C

CP BAP

bankseminar.eu

35

CP BAP is a consulting company specializing in financial services and related sectors, offering tailored consulting, IT solutions, and blended learning services. The company positions itself as a trusted partner with a focus on sustainable success and regulatory compliance. The website is professionally designed with good content quality and SEO optimization, targeting financial institutions such as banks and IT service providers. Technically, the site is built on WordPress with Elementor and uses various plugins for search and cookie management. However, a critical security gap is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with GDPR-compliant policies and cookie consent mechanisms. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and enhance trust.

W

Weitzer Parkett Vertriebs GmbH

weitzer-parkett.com

40

Weitzer Parkett Vertriebs GmbH is a well-established Austrian family-owned manufacturer and distributor of parquet flooring and wooden stairs, with a history dating back to 1831. The company holds a leading market position in Austria and is recognized as one of the top parquet manufacturers in Europe. Their product portfolio includes innovative parquet solutions such as Pflegefrei-Parkett, Gesund-Parkett, and Flüster-Parkett, emphasizing sustainability and ecological responsibility. The website reflects a mature digital presence with comprehensive product information, multi-language support, and strong branding consistency. Technically, the website is built on WordPress with WooCommerce, utilizing modern libraries and plugins such as jQuery, Slick Slider, and Borlabs Cookie for cookie management. It is hosted behind Cloudflare, providing CDN and security services. However, the absence of a valid SSL certificate and HTTPS support is a significant security shortfall, impacting user trust and data protection. The site implements GDPR-compliant privacy and cookie policies with explicit consent mechanisms. From a security perspective, while the site benefits from Cloudflare's protection and uses reCAPTCHA on forms, the lack of HTTPS and modern TLS protocols, as well as missing security headers like HSTS, reduce its security posture. No explicit security policy or incident response information is found, which could be improved to enhance transparency and readiness. Overall, the website is professional, content-rich, and business-credible but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include implementing a valid SSL certificate, enabling HTTPS, and enhancing security headers and protocols.

7

7LYTIX GMBH

7lytix.com

40

7LYTIX GMBH is a mature Austrian AI software company specializing in Action Intelligence solutions that optimize business processes such as predictive maintenance, supply chain management, and intelligent personalization. Recently acquired by the KEBA Group, 7LYTIX targets medium to large enterprises in manufacturing, retail, logistics, finance, and media sectors. The website reflects a professional and consistent brand presence with clear business information and customer trust indicators. Technically, the site uses modern JavaScript libraries and frameworks like Bootstrap and jQuery, with analytics implemented via Google Analytics and Matomo. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. Privacy and cookie policies are present but basic, and no explicit security or incident response policies are found on the site. Overall, the business credibility is strong, but the security configuration requires urgent improvement to protect user data and maintain trust.

F

Flowserve Corporation

flowserve.com

40

Flowserve Corporation is a global enterprise specializing in manufacturing and servicing industrial flow control products such as pumps, valves, seals, and actuators. The company serves critical industries including energy, chemicals, water management, and oil & gas, positioning itself as a market leader with a comprehensive product portfolio and strong brand presence. The website reflects a mature digital infrastructure built on Drupal 10, with modern front-end technologies and multi-language support, indicating a high level of digital maturity and user experience focus. Security posture is mixed; while security headers and policies are well implemented, the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which poses a significant risk to secure communications. Privacy compliance is strong with clear policies and consent mechanisms in place. Overall, the website is professional, content-rich, and trustworthy but requires urgent remediation of SSL/TLS issues to improve security and user trust.

dsm-firmenich is a leading global innovator in nutrition, health, and beauty, formed by the combination of two major companies. The website presents a comprehensive and professional digital presence with detailed information about their business units, sustainability efforts, and investor relations. The technical infrastructure is modern, leveraging Adobe Experience Manager CMS and marketing tools such as Marketo and Adobe Helix RUM. However, a critical security gap exists due to the absence of a valid SSL certificate, which undermines the security posture and trustworthiness of the site. Privacy and cookie policies are well implemented, indicating good compliance with GDPR and related regulations. Overall, the website is content-rich and professionally designed but requires urgent security improvements to meet industry standards.

W

Weingut Michael Schroth

weingut-schroth.de

34

Weingut Michael Schroth is a small regional winery located in Grünstadt-Asselheim, Germany, specializing in a variety of wines including Winzersekt, Chardonnay, and Riesling. The website serves primarily as a digital presence showcasing the winery's offerings and regional identity. The business model focuses on wine production and sales targeted at wine consumers interested in the Pfalz region's specialties. Technically, the website uses basic HTML, CSS, JavaScript, and Adobe Typekit fonts, with jQuery for scripting. Hosting appears to be provided by Ionos, but the site suffers from slow load times and minimal mobile optimization. Security posture is weak, with no SSL/TLS certificate, no HTTPS, and absence of security headers or DNS security features. Privacy and compliance policies are missing, and no contact information is provided on the landing page, limiting user trust and regulatory compliance. Overall, the site is functional but lacks modern security and privacy standards, which poses risks to visitors and the business's credibility.

The Cheeky Crow Massage Co. operates an e-commerce storefront focused on massage-related services or products, hosted on the Big Cartel platform. The website is currently in maintenance mode, providing minimal content and no direct contact or policy information. Technically, the site uses Cloudflare for CDN and security headers are present; however, the lack of a valid SSL certificate means HTTPS is not properly enabled, severely impacting security and trust. Privacy and cookie policies are absent, and no contact details are provided, limiting user trust and compliance. Overall, the site is a small business with basic digital presence but requires significant improvements in security and compliance to meet modern standards.

F

Festspielhaus St. Pölten

festspielhaus.at

36

Festspielhaus St. Pölten is a prominent cultural venue in Austria specializing in dance, music, and architectural events. The website serves as a comprehensive platform for event information, ticket sales, subscriptions, and educational programs, targeting a diverse audience including families, schools, and cultural enthusiasts. The business is well-positioned regionally with a strong brand presence and partnerships with local institutions. Technically, the site is built on modern frameworks like Nuxt.js and Vue.js, but suffers from slow load times and lacks a valid SSL certificate, impacting security and user trust. The security posture is basic with no advanced headers or HTTPS, though privacy compliance is well addressed with detailed cookie and privacy policies. Overall, the site is professional and content-rich but requires urgent security improvements to enhance trust and compliance.

I

IOSBET

shelfsailor.com

32

The website shelfsailor.com operates as an online slot gaming platform branded as IOSBET, targeting the Indonesian market. It offers online slot games with a system designed to increase winning chances daily. The site positions itself as a new entrant in the online gaming sector with a focus on Indonesian users, leveraging affiliate partnerships with established e-commerce platforms like Lazada. The business model revolves around online gaming services with promotional and affiliate marketing components. Technically, the site employs modern JavaScript frameworks including React and uses extensive tracking and analytics tools from Alibaba's ecosystem, indicating a moderate level of digital maturity. However, the site suffers from slow performance due to large page size and numerous resources, and it lacks mobile optimization and accessibility features. Security-wise, the absence of HTTPS and security headers significantly weakens its posture, exposing users to potential risks. No privacy or cookie policies are present, and contact information is missing, which raises compliance and trust concerns. Overall, the site is accessible without WAF or security challenges but requires urgent improvements in security, privacy compliance, and performance to enhance user trust and operational integrity.

L

Lakeside Labs GmbH

lakeside-labs.com

35

Lakeside Labs GmbH operates as a research and innovation hub specializing in self-organizing networked systems. The organization targets researchers, technology innovators, and academic-industry partners, offering research projects, publications, and collaborative partnerships. The website reflects a medium-sized technology entity based in Austria with a professional online presence and consistent branding. Technically, the site is built on WordPress with common plugins and libraries, but suffers from slow performance and basic mobile optimization. Security posture is weak due to the absence of a valid SSL certificate and missing DNS records, which undermines trust and exposes the site to potential risks. Privacy compliance is minimal, lacking cookie consent and comprehensive GDPR indicators. Overall, the site is functional but requires significant improvements in security and compliance to enhance trustworthiness and protect user data.

C

Christof Group

christof-group.at

26

Christof Group is a large, family-owned industrial group specializing in critical process equipment manufacturing and plant engineering services, operating across Austria, Germany, and Slovenia. The company is positioned as a world leader in its sector with a strong portfolio of subsidiaries and a history of over 150 years in the industry. The website reflects a professional B2B business model targeting industrial clients in energy, petrochemical, and pharmaceutical sectors. Technically, the site is built on WordPress with modern SEO and multilingual capabilities but lacks HTTPS, which is a significant security shortfall. The security posture is weak due to the absence of SSL/TLS encryption and limited security headers, exposing the site to potential risks. Privacy compliance is addressed with a cookie consent mechanism and privacy policy, but incident response and security policies are missing. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

S

SPAR International

spar-international.com

32

SPAR International is a well-established global voluntary food retail group founded in 1932, operating over 13,900 stores across 48 countries. The business model focuses on licensed wholesalers and retailers working in partnership to deliver diverse store formats and retail solutions. The website reflects a mature digital presence with comprehensive content, clear navigation, and a focus on partner engagement and responsible retailing. Technically, the site is built on WordPress with common plugins and libraries, but suffers from significant security shortcomings including lack of a valid SSL certificate and DNS configuration issues. Privacy compliance is well addressed through Cookiebot consent management and a comprehensive privacy policy. However, the absence of HTTPS and security headers poses risks to user data and trust. Overall, the site is professional and content-rich but requires urgent security improvements to align with best practices and user expectations.

K

Kering Eyewear S.p.A.

keringeyewear.com

40

Kering Eyewear S.p.A. is a prominent luxury eyewear company operating under the global Kering Group umbrella. Established in 2014 and headquartered in Italy, it designs, develops, and distributes eyewear for a portfolio of 14 prestigious brands, including proprietary and licensed luxury houses. The company positions itself as a market leader in the luxury eyewear segment, targeting discerning consumers and industry partners. The website reflects a high level of professionalism with rich multimedia content, clear navigation, and consistent branding across multiple languages and regions. Technically, the site leverages modern JavaScript libraries, Google Tag Manager for analytics, and OneTrust for cookie consent, hosted on Microsoft Azure infrastructure. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security gap that undermines user trust and data protection. Privacy and cookie policies are well implemented, indicating good GDPR compliance. Contact information is available, though no phone numbers are explicitly provided. Overall, the site demonstrates strong business credibility but requires urgent security improvements to meet modern standards.

N

Nederman Holding AB

nederman.com

37

Nederman Holding AB is a well-established global leader in industrial air filtration and environmental technology, with a history dating back to 1944. The company offers a comprehensive range of products and services focused on protecting people, the environment, and production processes from harmful industrial emissions. Their market position is strong, supported by multiple subsidiaries and a broad product portfolio including dust and fume extraction systems and connected IIoT solutions. Technically, the website is built on a modern stack including Bootstrap, jQuery, and Sitecore CMS, hosted via Cloudflare, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The security posture is weak due to missing HTTPS and security headers, exposing the site to potential risks. Privacy compliance is partially addressed through OneTrust cookie consent, but no explicit GDPR or security policies are found. Overall, the site demonstrates good business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

M

MCR

morse.com

40

MCR is a well-established and large hotel management and ownership company, recognized as the third largest hotel owner-operator in the United States. The company operates a diverse portfolio of hotels across multiple states and brands, with a strong reputation supported by numerous industry awards and recognitions. The website reflects a mature business with a professional online presence, targeting investors, partners, and hospitality professionals. Technically, the website is built on WordPress with a modern tech stack including jQuery and Google Maps integration, but suffers from a lack of HTTPS due to an invalid or missing SSL certificate, which significantly impacts its security posture. Security headers are well implemented, but the absence of SSL and modern TLS protocols is a critical vulnerability. Privacy compliance is partially addressed with a comprehensive privacy policy and terms of use, but the lack of a cookie consent mechanism is a gap. Overall, the website is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

A

ASSA ABLOY Group - global leader in access solutions | ASSA ABLOY

assaabloy.com

40

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 19 security findings identified across all modules.

P

Peak Technology

peaktechnology.at

29

Peak Technology is a specialized engineering company focused on manufacturing bespoke carbon fibre components and high pressure vessels primarily for the space and motorsport industries. The company positions itself as a trusted partner with over 15 years of motorsport championship involvement and expertise in space mission components. Their business model is B2B, providing high-tech composite solutions with certifications such as ISO 9001 and EN 9100 that underline their quality management commitment. The website is professionally designed using WordPress with modern SEO practices and structured data, targeting industry professionals and partners. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security gap that undermines trust and data protection. The site lacks a cookie consent mechanism despite setting cookies, and no incident response or vulnerability disclosure policies are visible. Overall, the technical infrastructure is moderate with room for improvement in security and privacy compliance. Strategic recommendations include immediate SSL deployment, enhanced security headers, and formalized security policies to improve the security posture and trustworthiness of the digital presence.

A

Algonquin Orthodontics

algonquinorthodontics.com

36

Algonquin Orthodontics is a specialized orthodontic practice located in Lake in the Hills, Illinois, led by Dr. Amer Shammaa. The practice offers a range of orthodontic services including metal braces, clear braces, and Invisalign® clear aligners, targeting patients of all ages in the local McHenry County area. The website presents a professional and user-friendly interface with clear navigation and relevant content aimed at educating and attracting patients. Technically, the site is built on a Symfony PHP framework hosted on AWS infrastructure, utilizing modern web fonts and iconography, and integrates Google Tag Manager for analytics. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. Security headers are minimal, and privacy compliance is poor due to the absence of privacy and cookie policies. The WHOIS data aligns with the business claims, indicating a legitimate small healthcare business. Overall, while the business and content quality are good, the security posture and privacy compliance require urgent improvements to enhance trust and protect user data.

S

SEEBURGER: Integrate your business in any cloud

seeburger.com

37

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 23 security findings identified across all modules.

P

pluradent-austria.at

pluradent-austria.at

37

The website pluradent-austria.at operates as an affiliate media platform specializing in online casino reviews and rankings targeted at Austrian players. It provides comprehensive content on casino options, bonuses, payment methods, legal considerations, and responsible gambling. The site is hosted behind Cloudflare and uses modern JavaScript libraries like Swiper.js for UI components. However, the site lacks a valid SSL certificate, resulting in no secure HTTPS connection, which significantly impacts its security posture. Security headers are present but cannot compensate for the missing SSL. Privacy compliance is poor due to the absence of privacy and cookie policies, and no contact information is provided, limiting business credibility. Overall, the site offers good content quality and moderate professionalism but requires urgent improvements in security and privacy to enhance trust and compliance.

Chiesi Farmaceutici S.p.A is a well-established global pharmaceutical company headquartered in Italy, recognized among the top 50 pharmaceutical companies worldwide. The company specializes in respiratory, neonatology, and rare diseases with over 80 years of experience. Their business model focuses on pharmaceutical research, development, manufacturing, and global partnerships, supported by a broad network of subsidiaries across multiple countries. The website reflects a professional corporate presence with comprehensive content targeting healthcare professionals, patients, and partners. Technically, the site uses a PHP backend with various JavaScript libraries and analytics tools, hosted on Azure DNS infrastructure. However, the absence of a valid SSL certificate and lack of HTTPS significantly undermine the security posture. Security headers are implemented but cannot compensate for the missing encryption. Privacy and cookie policies are present with consent mechanisms, indicating good compliance practices. The WHOIS data confirms domain legitimacy and consistency with the company's profile. Overall, the site is functional and professional but requires urgent improvements in SSL/TLS configuration to ensure secure communications.

G

Geiger.com

geiger.com

40

Geiger.com is a large, family-owned US-based distributor specializing in promotional products, corporate gifts, and imprinted apparel. The company positions itself as the largest family-owned promotional product distributor in the US, serving a broad business audience with a comprehensive product catalog and services including custom products, kitting, corporate programs, and expos. The website reflects a mature digital presence with extensive product categories, client brand logos, and active social media engagement. Technically, the website uses modern JavaScript frameworks such as Vue.js and Bootstrap 5, hosted likely on AWS infrastructure. Marketing and analytics tools include Google Tag Manager, Google Analytics, Osano CMP for consent management, Filestack for file handling, and Searchspring for search functionality. The site is mobile-optimized and accessible with good SEO practices, though performance metrics indicate slow loading. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical vulnerability. While some security headers are present, key TLS protocols and best practices like HSTS, OCSP stapling, and session resumption are not enabled. No incident response or vulnerability disclosure policies are found. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism detected. Overall, the site is professionally designed and credible from a business standpoint but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include immediate SSL/TLS deployment, enabling modern security headers and protocols, implementing cookie consent, and publishing incident response information.

L

LVA GmbH

lva-gmbh.at

37

LVA GmbH is a well-established Austrian company specializing in food safety, quality control, certification, and training services primarily targeting the food, cosmetics, pharmaceutical, and supplement industries. Founded in 1926, it holds a strong market position as a leading competence center in the Central and Eastern European region, serving clients in over 80 countries. The company offers a comprehensive portfolio including laboratory analyses, expert assessments, inspections, research, and educational seminars. Technically, the website is built on WordPress with modern SEO and cookie consent tools, but lacks a valid SSL certificate, which impacts security and user trust. The security posture is basic with no HTTPS, no HSTS, and missing advanced security headers, exposing the site to potential risks. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website is professional and content-rich but requires urgent security improvements to align with best practices.

D

DIG GmbH

dig.at

40

DIG GmbH is a medium-sized Austrian company specializing in digital spend management solutions across Source2Pay, Finance, and Supply Chain sectors. As part of the Proalpha Group, DIG offers ERP-independent software and consulting services targeting enterprises seeking to optimize procurement and financial processes. The website demonstrates a professional and consistent brand presence with comprehensive content, customer testimonials, and references from reputable clients. Technically, the site is built on the HubSpot CMS platform, utilizing modern marketing and analytics tools such as HubSpot Analytics, Google Tag Manager, and Cookiebot for consent management. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. Performance is also suboptimal with a high load time and resource count. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is credible and well-positioned in its market but requires urgent security improvements.

sprungbrett.at is an Austrian job platform focused on connecting job seekers with employment opportunities primarily in commercial and technical sectors. The website offers job listings, initiative application options, and personnel search services for companies. It targets job seekers in Austria and positions itself as a regional recruitment service with a professional and user-friendly interface. Technically, the site uses a Contao CMS backend with PHP 7.4 and nginx server, integrating common web technologies such as jQuery, Google Analytics, Google Maps API, and ShareThis for social sharing. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts its security posture. Security headers are present but undermined by the absence of HTTPS. Privacy compliance is weak, with no visible privacy or cookie policies. Contact information is clearly provided, including email, phone, and physical address, enhancing business credibility. Overall, the site is functional and professional but requires urgent security and compliance improvements.

The website iiasacat.com is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) challenge page that blocks direct content access. This prevents any meaningful extraction of business, contact, or policy information. The domain is registered and uses Cloudflare for DNS and security services, but lacks a valid SSL certificate, which is a critical security deficiency. The absence of visible content, metadata, or structured data indicates the site is either under protection or not publicly available. Consequently, the technical infrastructure appears to rely heavily on Cloudflare's security platform, but the lack of HTTPS and content accessibility severely limits digital maturity and user trust. Security headers are present, but without valid SSL, the overall security posture is weak. No privacy or cookie policies are found, indicating poor compliance with data protection regulations. Overall, the site presents a high risk due to inaccessibility and missing security best practices.

N

NOA

noa-vu.nl

35

NOA is a Dutch company specializing in scientifically validated online assessments and psychological tests, primarily serving educational institutions, HR professionals, and reintegration sectors. With over 25 years of experience and origins linked to the Vrije Universiteit, NOA holds a strong market position supported by ISO 9001 and ISO 27001 certifications. The website reflects a professional and consistent brand with comprehensive content and clear navigation, targeting Dutch-speaking audiences. Technically, the site uses Microsoft IIS with ASP.NET and Umbraco CMS, integrating modern tools like Google Tag Manager and Elmah.io for error logging. However, the absence of HTTPS is a critical security gap, exposing users to potential risks. Privacy and cookie policies are well implemented with consent mechanisms, aligning with GDPR requirements. Contact information is complete and accessible, enhancing business credibility.

O

Oskar Schmidt GmbH

schmidtauto.at

33

Autohaus Schmidt, officially Oskar Schmidt GmbH, is a well-established automobile dealership and service provider based in Salzburg, Austria, with a history dating back to 1928. The company operates multiple locations and offers a wide range of services including new and used car sales, vehicle rental, servicing, repairs, and financing. Their market position is strong within the regional transportation sector, supported by authorized partnerships with major car brands such as Ford, Volvo, Peugeot, and Citroën. The website reflects a professional and consistent brand image targeting car buyers and service customers in Salzburg and surrounding areas. Technically, the website uses modern JavaScript, AWS CloudFront CDN, and Google Tag Manager for analytics and marketing. However, it lacks HTTPS, which is a critical security deficiency. The site includes cookie consent mechanisms and privacy policies compliant with GDPR, indicating a good level of privacy awareness. Performance data is unavailable, but the site appears mobile-optimized and SEO-friendly. From a security perspective, the absence of SSL/TLS encryption severely impacts the site's security posture, exposing users to potential risks. Other security headers and best practices are partially implemented but overshadowed by the lack of HTTPS. No incident response or vulnerability disclosure policies are present. The domain registration data aligns well with the business claims, enhancing trustworthiness. Overall, while the business and website demonstrate professionalism and good content quality, the critical lack of HTTPS significantly lowers the security score and overall risk profile. Strategic improvements in security infrastructure are essential to protect users and maintain trust.

S&P Global is a leading enterprise in the financial data and analytics sector, providing essential intelligence through a combination of data, connected technologies, and expert insights. The website reflects a mature, well-structured digital presence with comprehensive content targeting financial professionals and enterprises. Technically, the site leverages Adobe Experience Manager CMS, integrates modern analytics and error tracking tools, and maintains good SEO and accessibility standards. However, a critical security gap exists due to the absence of a valid SSL certificate, which significantly impacts the security posture and overall trustworthiness. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. The domain registration aligns with the company's long-standing history and public presence, reinforcing legitimacy. Strategic improvements in SSL configuration and enhanced security practices are recommended to elevate the site's security and trust levels.

A

Amomed Pharma GmbH

amomed.com

25

Amomed Pharma GmbH is a medium-sized healthcare company specializing in pharmaceutical products for intensive care, emergency medicine, anesthesia, psychiatry, and neurology. The company operates as a member of the AOP Health Group, providing critical care medications aimed at reducing mortality and improving quality of life. The website targets healthcare professionals and institutions, offering product information and therapy solutions. Technically, the website is built on WordPress with a PHP backend and uses common web technologies such as jQuery, Bootstrap, and Font Awesome. However, the site lacks a valid SSL certificate, resulting in no proper HTTPS support, which is a significant security concern. Security headers are partially implemented, but critical configurations like TLS protocols and cipher suites are missing. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Contact information is not readily visible on the homepage, limiting user trust and engagement. Overall, the website demonstrates moderate digital maturity but requires urgent improvements in security and privacy to meet modern standards.

D

Donauchem GmbH

donauchem.at

36

Donauchem GmbH is a medium-sized chemical distributor operating primarily in Austria and Central/Eastern Europe. The company specializes in the distribution of chemical raw materials and offers tailored product development through its own research and development department. It serves diverse industries including food, pharma, cosmetics, agriculture, and manufacturing. The website reflects a professional business with clear branding and a comprehensive product portfolio. Technically, the site is built on ASP.NET Web Forms with Kentico CMS and hosted on Microsoft IIS. However, the absence of a valid SSL certificate and lack of HTTPS significantly undermine the security posture. Privacy compliance is well addressed with a privacy policy and cookie consent mechanism in place. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

The website madanyu.org is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) block page, which prevents access to any substantive content. The domain is very young, registered in October 2024, and uses privacy protection services for WHOIS data, which obscures registrant details. No business information, contact details, or policies are publicly available on the site. Technically, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security deficiency. The DNS is managed via Cloudflare, but the absence of a valid certificate and enabled TLS protocols severely impacts security posture. Overall, the site appears to be in an early or unestablished state with minimal digital maturity and poor security hygiene.

G

Globo Lighting

globo-lighting.com

30

Globo Lighting is a well-established European retailer specializing in a wide range of lighting products, including indoor and outdoor lamps, ceiling lights, wall lights, and decorative lighting solutions. With over 25 years of market presence and multiple physical showrooms, the company offers a comprehensive e-commerce platform with detailed product information and multiple language support. The technical infrastructure is based on modern technologies such as Shopware CMS and is hosted on Google Cloud, but lacks a valid SSL certificate, resulting in an insecure HTTP-only connection. Security headers are properly configured, but the absence of HTTPS significantly weakens the security posture. Privacy and cookie policies are present and include consent mechanisms, indicating good compliance with GDPR requirements. The domain is mature and registered consistently with the business profile, enhancing trustworthiness. Overall, the website provides an excellent user experience and professional content but requires urgent security improvements to protect user data and enhance trust.

C

Chrisanne Clover

chrisanne.com

38

Chrisanne Clover operates a professional e-commerce platform specializing in premium dancewear, including competition couture, practice wear, fabrics, and crystals. The company targets dancers and dance enthusiasts, offering bespoke couture services and a wide product range. The website is built on Magento and hosted behind Cloudflare, leveraging modern marketing and analytics tools such as Google Analytics, Google Tag Manager, and Cookiebot for privacy compliance. However, the site lacks a valid SSL certificate and does not support modern TLS protocols, which significantly weakens its security posture. Privacy policies and cookie consent mechanisms are well implemented, supporting GDPR compliance. Overall, the business presents itself as a reputable and established player in the dancewear retail sector, but urgent improvements in security infrastructure are recommended to protect customer data and enhance trust.

D

Delegate Healthcare Solutions LLC

delegate-group.com

38

Delegate Healthcare Solutions LLC operates as a leading manufacturer of foodservice software tailored for communal catering environments such as healthcare facilities, educational institutions, and senior living communities. The company offers a comprehensive suite of software solutions including patient service, foodservice management, full-service catering, and key functionalities like enterprise resource planning and menu ordering systems. Their market position is strong, supported by partnerships with notable clients and a clear focus on delivering integrated, cloud-hosted, and mobile-optimized solutions. Technically, the website is built on modern frameworks like Next.js and hosted on Vercel, with a CMS likely based on Strapi. While the site demonstrates excellent content quality, branding consistency, and user experience, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of modern TLS protocols. Privacy compliance is addressed through Cookiebot, ensuring consent mechanisms are in place. Overall, the business presents a credible and professional front but must urgently address its SSL/TLS configuration to improve security posture and trustworthiness.

M

MMX e.U.

silberdraht.agency

37

Silberdraht Agency is a small Austrian online marketing firm specializing in services tailored for the BestAger demographic (age 50+). Founded in 2019 and operated by MMX e.U., the agency offers website analysis, creation, optimization, search engine marketing, social media marketing, and newsletter distribution. Their market position is niche-focused with a dedicated team and partnerships that enhance their service offerings. Technically, the website runs on WordPress with popular plugins and themes, but lacks HTTPS, which is a critical security shortfall. The site is mobile-optimized and SEO-friendly but suffers from slow or unmeasured performance. Security posture is weak due to missing SSL and security headers, and privacy compliance is minimal with no cookie consent mechanism. Overall, the business appears legitimate and consistent with its domain registration data, but security improvements are urgently needed.

W

wphelp24.com - Your 24/7 WordPress Support Hub

wphelp24.com

40

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 24 security findings identified across all modules.

G

GS1 Austria

gs1.at

40

GS1 Austria is a well-established non-profit organization serving as the official barcode and GTIN issuing authority in Austria. It provides a comprehensive suite of GS1 standards and services to businesses across multiple sectors including retail, manufacturing, transportation, and government. The website reflects a mature digital presence with excellent content quality, clear navigation, and strong branding supported by major corporate clients. Technically, the site is built on Drupal 10 with modern JavaScript libraries and integrates Google analytics and marketing tools, but suffers from a critical lack of HTTPS support due to an invalid or missing SSL certificate, which significantly impacts its security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Contact information is primarily via contact forms, with no direct emails or phone numbers publicly listed. Overall, the site is professional and trustworthy but urgently needs to address its SSL/TLS configuration to improve security and user trust.

G

Gymnasium Camphusianum

camphusianum.nl

36

Gymnasium Camphusianum is a small, community-oriented gymnasium school located in Gorinchem, Netherlands, providing secondary education focused on broad academic knowledge and personal development. The website reflects a well-structured educational institution with clear communication channels, active social media presence, and comprehensive privacy and cookie policies compliant with GDPR. Technically, the site is built on WordPress with modern plugins and themes, leveraging Cloudflare CDN for content delivery. However, a critical security gap exists due to the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly undermines the site's security posture. This exposes users to potential data interception risks and reduces trustworthiness from a security perspective. Overall, while the content and business credibility are strong, the lack of HTTPS is a major vulnerability that must be addressed promptly.

L

Lorencic GmbH Nfg. & Co KG

lorencic.com

39

Lorencic GmbH Nfg. & Co KG operates as a medium-sized company specializing in construction services and products, including workwear, reinforcement fabrics, construction profiles, diamond cutting discs, and rental of construction machinery. The company targets construction professionals and contractors primarily in Austria and surrounding European countries, as evidenced by multiple country-specific domains. The website presents a professional design with clear navigation and relevant content, supporting its business model as a B2B supplier and rental service provider. Technically, the website runs on an Apache server with Ubuntu, utilizing common JavaScript libraries such as jQuery and Bootstrap for frontend functionality. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the site's security posture. Performance metrics are unavailable, and mobile optimization is basic but functional. The site includes cookie consent mechanisms and basic privacy policy compliance, though more advanced privacy and security policies are lacking. From a security perspective, the lack of HTTPS is a critical vulnerability, exposing users to potential data interception risks. No advanced security headers or incident response information is published, and session management could be improved. The site uses Matomo analytics with user consent, indicating moderate user tracking with some privacy compliance. Overall, the security posture is weak and requires urgent improvements. Strategically, the company should prioritize implementing HTTPS with a valid certificate, enhance security headers, and publish clear security and incident response policies. Improving privacy compliance and expanding trust indicators will also strengthen business credibility and user confidence.

Summit Printing LLC operates as an established online commercial printing company founded in 2010, offering a wide range of printing services including banners, brochures, business cards, mailing services, and graphic design. The company targets businesses and graphic designers across the United States and Canada, leveraging multiple plant locations to provide fast production and free shipping. The website presents a professional and consistent brand image with clear navigation and relevant content tailored to its audience. Technically, the site uses PHP 7.0.33, jQuery, Modernizr, and is hosted behind Cloudflare with LiteSpeed server technology. However, the absence of a valid SSL certificate and HTTPS implementation is a significant security shortfall. Security headers such as HSTS, X-Frame-Options, and X-Content-Type-Options are present, but the lack of TLS protocols and certificate transparency compliance reduces the overall security posture. Privacy compliance is basic, with a privacy policy and terms of service present but no cookie consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the site scores moderately on content quality and business credibility but is penalized heavily for security deficiencies.

E

Eti

etietieti.com

39

Eti is a well-established Turkish food manufacturing company with a strong market presence and a diverse product portfolio including biscuits, chocolates, and health-oriented food products. The website serves as a comprehensive corporate portal providing product information, recipes, corporate governance details, career opportunities, and social responsibility initiatives. The site targets consumers interested in quality food products and healthy nutrition, leveraging a consistent brand identity and multiple language options for international reach. Technically, the website is built on ASP.NET WebForms and uses modern JavaScript libraries for UI enhancements. However, performance metrics are lacking and the site suffers from a critical security issue: the absence of a valid SSL certificate and HTTPS support, which significantly impacts user trust and security posture. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good compliance with GDPR requirements. Social media integration and partner links enhance the brand's digital ecosystem. Overall, Eti's website is professional and content-rich but requires urgent security improvements to meet modern standards.

R

Rail Cargo Group

railcargo.com

40

Rail Cargo Group is a well-established rail logistics provider operating primarily in Europe and Asia, offering a broad range of freight and logistics services including wagon loads, intermodal and multimodal logistics, and railway operations. The company targets businesses requiring efficient rail freight solutions and maintains a strong market position supported by its parent company ÖBB. Technically, the website employs modern JavaScript libraries and custom corporate scripts, with a focus on accessibility and SEO, though performance data is unavailable. Security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, despite good security header implementation. Privacy compliance is supported by a comprehensive privacy policy and GDPR adherence, with Matomo analytics used for privacy-conscious tracking. Overall, the site is professional and trustworthy but requires urgent SSL/TLS remediation to improve security and user trust.

The website kphgraz.at is currently inaccessible, returning an HTTP 403 Forbidden error indicating that access is denied due to insufficient permissions. The site lacks any visible content, metadata, or structured data, which prevents a full analysis of its business or technical attributes. The hosting provider is identified as World4You, an Austrian hosting company, and the domain is registered consistently with the website's country. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the site's security posture. No privacy, cookie, or terms of service policies are present, and no contact information is available, which further reduces trust and compliance levels. Overall, the site appears to be either misconfigured or a placeholder without active content.

E

ekey biometric systems GmbH

ekey.net

35

ekey biometric systems GmbH is a medium-sized Austrian technology company founded in 2002, specializing in fingerprint-based access control and smart home integration solutions. The company holds a leading market position in Europe for fingerprint access systems, offering a range of products including door-integrated fingerprint readers, wall-mounted units, and retrofit kits. Their business model focuses on manufacturing, sales, and providing support and training services. The website reflects a mature digital presence with multilingual support and comprehensive product information targeting homeowners, businesses, and smart home users. Technically, the site is built on WordPress with modern plugins and analytics tools, but suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Security headers are well configured, and privacy compliance is strong with GDPR-aligned policies and cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

T

Tyco

tyco.com

40

Tyco, a subsidiary of Johnson Controls, is a mature enterprise-level provider of integrated security products and solutions, including access control, video surveillance, cloud services, and fire suppression. The company targets commercial and enterprise customers globally, leveraging a broad partner ecosystem and multiple subsidiary brands. The website demonstrates a professional design with good content quality and clear navigation, supported by modern technologies such as Sitecore CMS and Bootstrap. However, the security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which poses risks to secure communications. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the domain registration and WHOIS data confirm the legitimacy and maturity of the business. Strategic improvements in SSL and TLS configuration are recommended to enhance security and trust.