High-risk security reports

The British Council is a globally recognized UK-based non-profit organization specializing in cultural relations and educational opportunities. With a presence in over 100 countries and a history spanning 90 years, it offers a broad range of services including English language learning, exams such as IELTS, study and work abroad programs, and arts and cultural initiatives. The website reflects a mature, professional digital presence with excellent content quality and clear navigation tailored to a diverse international audience.

A

AIM Group International

aimgroupinternational.com

35

AIM Group International is a medium-sized service provider specializing in event management, digital communication, and consultancy services primarily targeting companies and associations. The company offers a broad portfolio including conference management, virtual and hybrid events, healthcare meetings, digital marketing, and consultancy services. The website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the site is built on WordPress with modern libraries and plugins, hosted on Amazon AWS infrastructure. However, the website lacks a valid SSL certificate and does not support HTTPS, which significantly impacts its security posture. While cookie consent and privacy policies are implemented and GDPR compliant, the absence of HTTPS and security headers exposes the site to risks. Overall, the business appears legitimate and well-established with active social media presence and trust indicators such as an annual report and newsletter. Strategic improvements in security configuration are recommended to enhance trust and compliance.

H

Hilfswerk Österreich

hilfswerk.at

36

Hilfswerk Österreich is a large, well-established non-profit organization providing extensive health, social, and family services across Austria. The website reflects a professional and comprehensive digital presence, targeting a broad audience including elderly people, children, families, and caregivers. The organization maintains a strong market position as one of Austria's leading providers in its sector, supported by government funding and a wide range of services. Technically, the website is built on TYPO3 CMS with modern frontend libraries and includes accessibility and SEO best practices. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly undermines the site's security posture. Privacy compliance is well addressed with clear cookie consent mechanisms and a comprehensive privacy policy. Overall, the site demonstrates high professionalism and trustworthiness but urgently requires SSL implementation to mitigate security risks.

H&Z Unternehmensberatung AG is a well-established management consulting firm based in Munich, Germany, with a strong focus on strategy, procurement, transformation, sustainability, innovation, and technology. Founded in 1997, the company operates globally with over 600 consultants across 14 offices and is part of the larger H&Z Group and The Transformation Alliance. The website is professionally designed, content-rich, and targets leading organizations seeking strategic consulting services. Technically, the site uses modern frameworks such as Next.js and is hosted on Vercel, with cookie consent managed by Usercentrics and analytics via Google Tag Manager. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocol support, which poses risks to user trust and data security. Privacy compliance is partial, with cookie consent present but no visible privacy or terms of service policies. Overall, the site demonstrates high business credibility but requires urgent security improvements to align with best practices.

Acer Inc is a global technology company specializing in the manufacturing and retail of computing devices including laptops, desktops, Chromebooks, monitors, and projectors. The website targets both consumer and business audiences primarily in Finland but also globally, offering a comprehensive product catalog and support services. The company maintains a strong market position with consistent branding and a professional online presence. Technically, the site uses ASP.NET MVC framework, jQuery, and integrates multiple third-party analytics and marketing tools such as Google Tag Manager and Visual Website Optimizer. Hosting is via Amazon AWS with Akamai CDN for content delivery. Security posture shows presence of key security headers and secure cookies; however, the SSL certificate is invalid or missing and no TLS protocols are enabled, which is a critical vulnerability. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. Overall, the site is professional and trustworthy but requires urgent SSL remediation to improve security and trust.

The website at fsm-alliance.com is minimally developed with no meaningful content or business information presented. The site primarily serves tracking pixels and advertising scripts without any visible privacy, cookie, or terms of service policies. The domain is registered but lacks DNS records and does not have a valid SSL/TLS certificate, resulting in an insecure HTTP-only connection. These factors indicate a low level of digital maturity and poor security posture. The absence of contact information and business details further reduces trust and credibility. Overall, the site appears inactive or underdeveloped, posing significant risks for users and visitors.

G

Gottschligg

gottschligg.com

29

Gottschligg is a medium-sized manufacturing company based in Austria specializing in the development and delivery of customized and standard load carriers for industrial clients, particularly in the automotive and manufacturing sectors. The company offers a range of products including special load carriers, universal load carriers, plastic and textile carriers, wooden carriers, and repair services. Their website reflects a professional and consistent brand presence with clear contact information and compliance with GDPR and cookie consent regulations. Technically, the site is built on WordPress with Yoast SEO and jQuery, hosted on Google Cloud infrastructure. However, the absence of a valid SSL certificate and HTTPS support significantly weakens their security posture. Security headers are properly configured but cannot compensate for the lack of encryption. Overall, the site is accessible and well-structured but requires urgent security improvements to protect user data and enhance trust.

A

Austria Institut für Europa- und Sicherheitspolitik (AIES)

aies.at

26

The Austria Institut für Europa- und Sicherheitspolitik (AIES) is a well-established independent research institute based in Vienna, Austria, focused on European integration, security, defense, and foreign policy. Founded in 1996, it serves public stakeholders by providing expert analysis, organizing events, and publishing research. The website reflects a professional and content-rich platform targeting policymakers, academics, and the public interested in European and security policy. Technically, the site uses modern frontend technologies such as jQuery, Swiper.js, and Usercentrics for consent management, but suffers from a critical lack of valid SSL/TLS configuration, impacting its security posture. The site is mobile-optimized, accessible, and SEO-friendly, with strong social media integration and clear contact information. Security-wise, the absence of HTTPS and security headers is a significant vulnerability, though no active WAF or blocking mechanisms are detected. WHOIS data confirms domain legitimacy and consistency with the organization's profile. Strategic improvements in SSL deployment and security headers are recommended to enhance trust and compliance.

N

Ninefeb

ninefeb.com

37

Ninefeb is a European service provider specializing in technical documentation, eLearning, consulting, and personnel services. The company operates primarily in Austria with a subsidiary in the UK, targeting businesses requiring comprehensive technical communication support. The website presents a professional image with clear service offerings and client testimonials, positioning Ninefeb as a trusted partner in its niche. Technically, the site is built on WordPress using the Avada theme and Yoast SEO plugin, indicating a modern CMS approach but lacks HTTPS support, which is a significant security concern. The absence of a valid SSL certificate exposes users to potential data interception risks and undermines trust. Privacy compliance is well addressed with a clear cookie consent mechanism and a comprehensive privacy policy. Overall, the site is functional and professional but requires urgent security improvements to meet modern standards.

TMF Group is a leading global provider of administrative, compliance, and governance services, supporting companies across more than 80 countries. Their extensive service portfolio includes accounting, tax, payroll, capital markets, fund services, and ESG administration, targeting corporates, financial institutions, asset managers, private equity, and family offices. The company operates through a large global network of over 11,000 professionals in 125+ offices, serving major multinational clients including Fortune Global 500 and FTSE 100 companies. The website reflects a mature business model with a strong market position and comprehensive service offerings. Technically, the website employs modern technologies such as Microsoft Application Insights, Google Tag Manager, OneTrust for cookie consent, and Cloudflare for CDN services. The site is well-structured, mobile-optimized, and SEO-friendly, with good accessibility features. However, performance metrics were not available, limiting full assessment of speed. From a security perspective, the site implements multiple security headers including a strict Content Security Policy and HSTS. Cookies are set with secure and HttpOnly flags, and privacy compliance is well addressed with GDPR-aligned policies and consent mechanisms. The critical weakness is the absence of a valid SSL certificate and disabled TLS protocols, which severely undermines the security posture and user trust. This issue requires immediate remediation to enable HTTPS and secure communications. Overall, the website is professionally designed and content-rich, demonstrating high business credibility and privacy compliance. The main risk lies in the invalid SSL configuration, which impacts security scores and could expose users to risks. Strategic improvements in SSL/TLS deployment and continued transparency in security policies will enhance trust and compliance.

P

pixelart GmbH

pixelart.at

33

pixelart GmbH is a well-established full-service digital agency based in Austria with offices in Salzburg and Vienna. The company specializes in delivering innovative digital solutions including web experiences, digital commerce platforms, digital products, business solutions, and online marketing services. Their market position is strong, supported by a comprehensive portfolio of case studies and a diverse client base across various industries. The website demonstrates a high level of digital maturity with the use of TYPO3 CMS, responsive design, and multimedia content. However, the security posture is weakened by the absence of a valid SSL certificate, which is critical for protecting user data and ensuring trust. Privacy compliance is well addressed with a comprehensive GDPR-compliant privacy policy, though cookie consent mechanisms are missing. Overall, pixelart GmbH presents as a credible and professional digital agency with room for improvement in security infrastructure.

The website cadence.com is currently inaccessible due to a Cloudflare security challenge page that requires JavaScript and cookies to proceed. This prevents access to any meaningful content, metadata, or business information on the site. The domain is registered and appears legitimate based on DNS and WHOIS data, but no SSL certificate is valid or configured, resulting in no HTTPS support. Security headers are present but cannot compensate for the lack of encryption. Due to the blocked content, no privacy, cookie, or terms of service policies are detectable, nor is any contact or business information available. The overall security posture is weak due to missing HTTPS and incomplete SSL configuration. The site is hosted behind Cloudflare, which provides some security controls but currently blocks content access. The AI score is low, reflecting the inability to analyze the actual website content and critical security gaps.

H

Haberkorn GmbH

haberkorn.com

38

Haberkorn GmbH operates a multi-country B2B online shop specializing in industrial products and services, primarily serving Central and Eastern European markets. The company maintains a strong regional presence with subsidiaries and partner sites in Germany and neighboring countries. The website is professionally designed with good content relevance and user experience, supporting multiple languages and regional adaptations. However, the technical infrastructure shows critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture and trustworthiness of the site. The site uses modern JavaScript libraries and tracking tools, including Google Tag Manager, Facebook Pixel, and Hotjar, with a comprehensive cookie consent mechanism indicating basic privacy compliance. Overall, while the business model and content quality are solid, the lack of HTTPS and security policies present significant risks that should be addressed promptly.

T

TTTech Auto

tttech-auto.com

40

TTTech Auto is a leading Austrian technology company specializing in system solutions and network hardware for software-defined vehicles, focusing on safety-critical automotive applications. The company holds a strong market position as a platform product and service provider with a comprehensive portfolio including software products, hardware products, and consulting services. Their target audience primarily includes automotive manufacturers and developers seeking advanced safety and security solutions for next-generation vehicles. Technically, the website is built on Drupal 10 and protected by Sucuri Cloudproxy, with modern web design and good SEO and accessibility features. However, the absence of a valid SSL certificate and lack of HTTPS significantly weaken the security posture, exposing the site to risks and reducing trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business credibility is high, supported by consistent branding, structured data, and transparent contact information.

Tesnila GK d.o.o. is a medium-sized Slovenian manufacturer specializing in rubber parts and elastomer solutions primarily for the automotive industry, with expanding applications in other sectors. The company emphasizes quality through ISO and IATF certifications and invests in research, development, and automated production. Their website reflects a professional business presence with detailed product and company information, multiple contact channels, and social media engagement. Technically, the site is built on DotNetNuke CMS with common web technologies but suffers from critical security shortcomings, notably the absence of HTTPS and valid SSL/TLS configuration. This exposes visitors and business communications to potential risks. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy, though terms of service and incident response policies are not evident. Overall, the business appears legitimate and well-established, but urgent security improvements are necessary to protect data and maintain trust.

Semmelrock, a brand under Wienerberger AG, specializes in manufacturing and distributing high-quality concrete paving and landscaping products across Central and Eastern Europe, with a strong presence in Romania. The website reflects a mature business with consistent branding and a focus on sustainability and innovation. Technically, the site is built on Adobe Experience Manager and integrates marketing tools like Google Tag Manager and Cookiebot for consent management. However, the absence of a valid SSL certificate and HTTPS significantly weakens the security posture, exposing users to potential risks. Privacy compliance is basic, with privacy and cookie policies present but lacking explicit GDPR compliance details. Contact information is limited to a contact form without visible emails or phone numbers, which may affect user trust. Overall, the site is professional and content-rich but requires urgent security improvements to align with modern standards.

The website imerys.com is currently inaccessible due to an AWS WAF security challenge that requires JavaScript verification, resulting in minimal HTML content and no visible business or security information. The domain is registered and uses professional DNS and email services, indicating a legitimate enterprise-level business likely operating in the energy sector. However, the lack of a valid SSL/TLS certificate and absence of accessible content severely limit the ability to assess the company's digital maturity and security posture. The DNS configuration and MX records suggest a well-established infrastructure, but the website's security configuration needs urgent improvement to enable secure HTTPS access and reduce user friction caused by the WAF challenge. Overall, the site presents a low trustworthiness score due to inaccessibility and missing security best practices.

J

Job-TransFair gemeinnützige GmbH

jobtransfair.at

27

Job-TransFair gemeinnützige GmbH is a Vienna-based non-profit organization dedicated to supporting disadvantaged individuals in the labor market by facilitating permanent employment opportunities. The organization collaborates with a large network of partner companies and receives financial support from the AMS Wien and the City of Vienna. Their website provides comprehensive information about their services, success stories, and job offers, targeting both job seekers and employers. The content is well-structured, professionally presented, and primarily in German. Technically, the site is built on the Contao CMS platform with modern frontend technologies like Bootstrap and jQuery, but suffers from a critical lack of HTTPS support due to an invalid or missing SSL certificate, which significantly impacts its security posture. Privacy compliance is strong, with Cookiebot implemented for consent management and clear privacy and cookie policies. The site also integrates Google Tag Manager for analytics and marketing purposes. Overall, the business is credible and transparent, with clear contact information and trust indicators such as certifications and partnerships.

E

ERSTE Immobilien Kapitalanlagegesellschaft m.b.H.

ersteimmobilien.at

40

ERSTE Immobilien KAG operates as a specialized real estate investment fund manager focusing on Austrian and German residential and commercial properties with a strong emphasis on sustainability and ethical investment principles. The website reflects a mature digital presence with modern JavaScript frameworks and CDN usage, providing a good user experience and clear business information. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, exposing users to potential risks. Legal and compliance documentation is comprehensive and accessible, supporting regulatory adherence. Overall, the business demonstrates credibility and professionalism but must urgently address critical security gaps to protect user data and maintain trust.

A

ADMIRAL Entertainment Holding Germany GmbH

admiral-games.de

40

ADMIRAL Entertainment Holding Germany GmbH operates as a prominent gaming and entertainment company in Germany, specializing in the operation of modern game halls and providing a wide range of gaming machines and services. As part of the reputable NOVOMATIC AG group, ADMIRAL leverages both tradition and innovation to deliver unique leisure experiences to its customers. The website reflects a professional and consistent brand image targeting German-speaking audiences, with clear navigation and relevant business content. Technically, the site is built on TYPO3 CMS and uses modern frameworks like Bootstrap, but suffers from critical security shortcomings due to the lack of a valid SSL certificate and HTTPS support. Security headers are implemented, and cookie consent mechanisms are in place, indicating a basic level of privacy compliance. However, the absence of HTTPS significantly undermines the site's security posture. Overall, the business appears legitimate and well-established, with clear contact information and social media presence, but the technical security gaps present a risk that should be addressed promptly.

M

MP Corporate Finance GmbH

mpcf.net

33

MP Corporate Finance GmbH is a market-leading industrial M&A advisory firm based in Vienna, Austria. They specialize in maximizing shareholder value through dedicated sector teams and have a strong track record of over 700 projects worldwide. Their services cover buy-side, sell-side, capital raise, carve-out, and private equity lifecycle management, targeting corporates, family businesses, and financial sponsors in industrial sectors. The website is professionally designed, multilingual, and optimized for SEO and accessibility, reflecting a mature digital presence. However, the lack of a valid SSL certificate and HTTPS configuration significantly undermines their security posture, exposing users to risks. Security headers are well configured, but the absence of modern TLS protocols and strong cipher suites is a critical vulnerability. Privacy compliance is well addressed with clear cookie consent and a comprehensive privacy policy. Overall, the business credibility is high, but urgent improvements in SSL/TLS security are recommended to protect client data and maintain trust.

P

Paul Lange Austria

thalinger-lange.com

38

Paul Lange Austria operates as a specialized wholesaler and supplier for the Austrian bicycle and fishing retail markets, providing a wide range of accessories and components from well-known brands such as Shimano. The company supports its dealer network with training, catalogs, and online portals, positioning itself as a key regional player with a professional digital presence. The website is built on WordPress with Elementor and incorporates modern SEO and UI tools, reflecting a moderate level of digital maturity. However, the absence of a valid SSL certificate and HTTPS significantly undermines the site's security posture, exposing users to risks and potentially impacting trust. While cookie consent mechanisms and privacy policies are in place, the lack of advanced security headers and modern TLS protocols indicates room for improvement in security practices. Overall, the business appears legitimate and well-established, but urgent remediation of SSL/TLS issues is recommended to enhance security and compliance.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

The website neuestens.de is currently a parked domain landing page primarily aimed at domain resale. It does not present any active business, products, or services. The content is minimal, mostly advertising links and scripts related to domain parking monetization. The site is hosted on Hetzner Online infrastructure and uses parkingcrew nameservers. The technical infrastructure is basic with no CMS or advanced frameworks detected. The site lacks HTTPS, which is a critical security deficiency. Privacy compliance is minimal, with only a basic privacy policy linked via a popup and no cookie consent mechanism. No contact or business information is provided, limiting trust and credibility. Overall, the site is low quality and low trustworthiness, suitable only as a domain parking placeholder.

The website at action.eu is currently inaccessible beyond a Cloudflare security challenge page, which blocks direct content access. No meaningful business information, contact details, or policies are available on the landing page. The domain lacks DNS records and does not have a valid SSL certificate, resulting in an insecure HTTP connection despite Cloudflare proxying. The technical infrastructure is minimal, relying on Cloudflare for security and analytics, but without proper TLS configuration or content delivery. Security posture is weak due to missing HTTPS and incomplete DNS setup. Overall, the site appears to be either under maintenance, misconfigured, or intentionally restricted, preventing a full assessment of business operations or compliance. Strategic recommendations include resolving DNS and SSL issues, publishing clear business and privacy information, and removing or properly configuring the WAF challenge to allow legitimate user access.

G

Gradonna ****s Mountain Resort

gradonna.at

25

Gradonna Mountain Resort is a premium 4-star superior hospitality business located in Austria, offering luxury hotel and chalet accommodations with wellness, spa, and ski-in ski-out amenities. The website is professionally designed with comprehensive content targeting tourists seeking mountain resort experiences. Technically, the site uses TYPO3 CMS with modern JavaScript libraries and integrates Cookiebot and Google Tag Manager for privacy and analytics. However, the absence of a valid SSL certificate and HTTPS support is a critical security vulnerability that significantly impacts the site's security posture. The domain registration is consistent with the business claims and is owned by the Schultz Gruppe, a parent company. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

dLocal is a mature, Nasdaq-listed fintech company specializing in payment processing solutions tailored for emerging markets across Africa, Asia, and Latin America. The company offers a comprehensive suite of services including payins, payouts, fraud management, and invoice collection, serving over 700 merchants with access to 900 payment methods. The website reflects a strong market position with professional branding, extensive content, and trusted partnerships with major global companies. Technically, the site uses modern JavaScript libraries and consent management tools, but suffers from a critical lack of a valid SSL certificate, severely impacting its security posture. Privacy and cookie policies are well implemented with GDPR compliance indicators. Overall, the site is professional and trustworthy but must urgently address its SSL/TLS configuration to ensure secure user interactions.

The website regalbeloit.com is currently inaccessible due to a Cloudflare security challenge page that blocks content unless JavaScript and cookies are enabled. This prevents access to any meaningful business or security content on the site. The domain is registered and DNS records are properly configured, indicating a legitimate domain. However, the lack of a valid SSL certificate and HTTPS support is a critical security issue. The site employs Cloudflare as a hosting and security provider, but the absence of SSL and modern TLS protocols severely limits its security posture. No privacy, cookie, or terms of service policies are detectable, and no contact information or forms are present in the accessible content. Overall, the site’s digital maturity and security posture are poor due to the blocking and missing HTTPS, resulting in a low AI score and limited ability to assess business credibility or compliance.

S

SCIA

scia.net

40

SCIA is a well-established company specializing in structural engineering software solutions, holding a leading market position in Europe. The company offers a range of products including SCIA Engineer and BIM solutions, supported by local expert teams and a comprehensive webshop. The website reflects a mature digital presence with professional design, clear navigation, and rich content targeting structural engineers and construction professionals. Technically, the site uses Drupal 9 CMS, Bootstrap framework, and is hosted behind Cloudflare, leveraging modern marketing and analytics tools such as Google Tag Manager and Marketo. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap, exposing users to potential risks. Privacy compliance is partially met with a clear privacy policy but lacks a cookie consent mechanism despite active tracking. Business credibility is strong with visible certifications, testimonials, and clear contact information. Overall, SCIA demonstrates a solid business and technical foundation but must urgently address security and privacy shortcomings to enhance trust and compliance.

Thefundwell.com is currently an expired and parked domain with no active website content or business presence. The site serves only a parking page with advertising scripts from Network Solutions and smartsearchresults.net, indicating it is not operational as a business website. There is no privacy policy, cookie policy, terms of service, or contact information available, which further confirms the lack of active management or legitimate business operations. Technically, the site is served over HTTP without any SSL/TLS certificate, exposing visitors to security risks. The absence of security headers, DNSSEC, and other best practices highlights a poor security posture. Overall, the domain is inactive and presents a high risk for users, with no trust or credibility indicators.

Nástupište 1-12 is a Slovak non-profit cultural organization dedicated to contemporary culture with a focus on music, art, presentations, and educational activities. The website serves as a platform to announce events, workshops, exhibitions, and artistic residencies primarily targeting the local cultural community and children. The organization maintains a consistent brand presence and provides comprehensive event information with good use of structured data for SEO and social media integration. Technically, the website is built on the Smartweb CMS platform, utilizing various JavaScript libraries such as jQuery and Owl Carousel, and is hosted by Smartweb providers. However, the website suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good GDPR compliance. Overall, the site is functional and content-rich but requires urgent security improvements.

The website entec-biogas.at is currently inaccessible due to a Cloudflare security challenge page that blocks content unless JavaScript and cookies are enabled. This prevents access to any meaningful business or security content. The domain is registered and DNS records are consistent with an Austrian entity, but the lack of a valid SSL certificate and HTTPS support is a significant security concern. No privacy, cookie, or terms of service policies are detectable, nor is any contact information or business metadata available. The site appears to be protected by Cloudflare's WAF, which is currently blocking direct content access, limiting the ability to perform a full analysis. Security headers are present but basic, and no vulnerabilities are detected in the limited data available.

M

MH|Direkt

mhdirekt.com

25

MH|Direkt is a mature and established e-commerce fulfillment service provider based in Austria with over 28 years of experience. The company operates multiple fulfillment centers across Austria, Germany, and the UK, offering comprehensive services including warehousing, packaging, cross-border shipping, personalization, and API integration. Their business model focuses on supporting online shops to efficiently manage logistics and shipping across Europe, including direct market entry into Switzerland. The website reflects a professional and well-branded digital presence with extensive content and customer testimonials, positioning MH|Direkt as a reliable partner in the e-commerce logistics sector. Technically, the website is built on WordPress using popular plugins and frameworks such as Elementor, Gravity Forms, and WP Rocket. It integrates multiple marketing and analytics tools including Google Analytics, Google Ads, Facebook Pixel, and LinkedIn Insight Tag, indicating a mature digital marketing strategy. The site is mobile-optimized and SEO-friendly, though performance is moderate and accessibility features are basic. From a security perspective, the website lacks a valid SSL certificate, which is a critical issue impacting user trust and data security. Other security best practices such as HSTS, DNSSEC, and domain protection locks are not implemented, reducing the overall security posture. No explicit security or incident response policies are published on the site. Privacy and cookie policies are present and appear GDPR compliant, with consent mechanisms in place. Overall, MH|Direkt presents a credible and professional business with strong market positioning in e-commerce fulfillment. However, the lack of HTTPS and some security best practices pose risks that should be addressed promptly to enhance trust and compliance. Strategic recommendations include immediate SSL certificate installation, enabling HSTS and DNSSEC, and publishing security policies to improve transparency and security culture.

A

AMAG Austria Metall AG

amag.at

27

AMAG Austria Metall AG is a well-established Austrian manufacturer specializing in environmentally friendly and future-oriented aluminium products and solutions. The company serves various industries including automotive, aerospace, industrial goods, and consumer goods, positioning itself as a leader in the aluminium manufacturing sector. Their website provides comprehensive information about their products, corporate values, investor relations, media, and career opportunities, targeting business customers and industry partners. The digital infrastructure is based on TYPO3 CMS with integration of modern frontend frameworks and analytics tools such as Matomo and Cookiebot for privacy compliance. However, the absence of a valid SSL certificate and HTTPS implementation significantly weakens the security posture. While security headers like Content Security Policy and X-Content-Type-Options are present, critical improvements are needed to secure data transmission and enhance trust. Overall, the website is professional and content-rich but requires urgent security upgrades to meet modern standards.

T

Teradata

teradata.com

40

Teradata is a leading enterprise technology company specializing in cloud-based data analytics and Trusted AI platforms. Their offerings focus on enabling organizations to unify data, activate analytics, and accelerate business value through AI and cloud-native technologies. The website targets a broad audience including business leaders, data professionals, and developers, emphasizing innovation and cost efficiency. Technically, the site uses modern web technologies, integrates with major cloud providers, and employs advanced analytics and marketing tools, reflecting a mature digital infrastructure. Security posture shows good header implementation but is weakened by an invalid SSL certificate and lack of advanced TLS protocols. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the site is professional, trustworthy, and well-branded, though improvements in SSL management and direct contact information would enhance credibility and security.

B

BELFOR

belfor.com

40

BELFOR is a global leader specializing in disaster recovery and property restoration services, serving a worldwide audience with a strong presence across multiple countries. The website is built on WordPress and leverages modern SEO tools like Yoast, with Cloudflare providing hosting and CDN services. Despite a professional design and good content relevance, the site lacks a valid SSL certificate, which significantly impacts its security posture. The cookie consent mechanism is implemented, indicating some level of privacy compliance, but explicit privacy policies and terms of service are not found in the provided content. Social media integration and global office listings enhance business credibility. Security headers are partially implemented, but the absence of HTTPS and modern TLS protocols is a critical weakness. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

O

Ovotherm International Handels GmbH

ovotherm.com

28

Ovotherm International Handels GmbH is a medium-sized Austrian manufacturing company established in 1969, specializing in eco-friendly clear egg packaging made from recycled PET waste. The company positions itself as the global market leader in the egg packaging industry, targeting businesses within the egg supply chain. Their website reflects a professional and consistent brand image, offering detailed product information, environmental benefits, and company insights. Technically, the site uses the ProcessWire CMS with modern frontend libraries such as GSAP and Tailwind CSS, providing a good user experience and mobile optimization. However, the website critically lacks a valid SSL/TLS certificate, resulting in no HTTPS support and weak security posture. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided, enhancing business credibility. Social media presence on Facebook, Instagram, and LinkedIn supports trust and engagement.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

P

Patheon pharma services - Global CDMO

patheon.com

39

Patheon pharma services, a brand under Thermo Fisher Scientific, operates as a global contract development and manufacturing organization (CDMO) serving the pharmaceutical, biotech, and life sciences industries. The website presents a comprehensive portfolio of services including small and large molecule development, advanced therapies, clinical trial services, and commercial manufacturing. Positioned as a trusted partner with a global footprint, Patheon emphasizes integrated solutions and innovative drug development approaches to accelerate treatments to market. The business model focuses on end-to-end drug development and manufacturing partnerships, targeting pharmaceutical and biotech companies worldwide. The domain is mature and strongly protected, reflecting a stable and legitimate enterprise presence. Technically, the website is built on Adobe Experience Manager (AEM) and leverages modern JavaScript libraries such as jQuery, FontAwesome, and Slick Carousel, alongside marketing and analytics tools like Adobe Target and Genesys Messenger. Hosting and content delivery are managed via Akamai CDN, ensuring global reach and performance. The site is mobile optimized with good SEO practices and structured data for enhanced search visibility. However, performance metrics are not explicitly available. From a security perspective, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical vulnerability impacting user trust and data security. While some security headers are present, the misconfiguration of HSTS and absence of modern TLS protocols and cipher suites significantly weaken the security posture. Privacy compliance is well addressed through comprehensive privacy and cookie policies linked to the parent company’s domain, with GDPR compliance implied. Contact information is primarily via web forms, with no direct emails or phone numbers prominently displayed. Overall, the website demonstrates strong business credibility and professional digital presence but requires urgent remediation of its SSL/TLS and HTTPS implementation to meet modern security standards and protect user data. Strategic improvements in security configuration and explicit contact channels would enhance trust and compliance.

A

Akris CH

akris.ch

40

Akris CH operates a professional luxury fashion e-commerce website targeting women in Switzerland and Liechtenstein. The site offers high-end designer clothing and handbags, positioning itself as a premium brand with a consistent and elegant online presence. The business leverages Shopify as its platform, integrating advanced search (Algolia), marketing tools (Cookiebot, Mailchimp), and customer engagement features (Wishlist King, Globo Form Builder). The website content is rich, well-structured, and professionally designed, providing a seamless user experience with clear navigation and mobile optimization. Technically, the site is built on a modern e-commerce stack with Shopify hosting behind Cloudflare CDN. It uses multiple third-party scripts for analytics, marketing, and customer interaction. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS encryption and no enabled TLS protocols. This severely impacts the security posture and user trust, despite the presence of strong security headers and content security policies. Privacy compliance is well addressed with explicit privacy and cookie policies, GDPR consent mechanisms, and transparent data collection practices. Contact information is available primarily via contact forms and multiple regional email addresses, supporting customer service and boutique inquiries. Overall, while the business and technical maturity are strong, the lack of proper SSL/TLS configuration is a major risk that must be remediated urgently to protect customer data and maintain brand reputation.

V

VOQUZ Group

voquz.com

38

VOQUZ Group is a well-established international IT service provider headquartered in Germany, with over 40 years of experience and more than 300 employees. The company serves both private and public sectors, offering a broad range of IT services including software development, SAP consulting, infrastructure planning, project management, and software testing. It operates through specialized subsidiaries such as VOQUZ Public and VOQUZ IT Solutions, targeting public administration and private enterprises respectively. The website reflects a professional and consistent brand presence with good content quality and clear navigation.

H

HDM Corp – Finding A Better Way

hdmcorp.com

40

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 24 security findings identified across all modules.

F

Federico Solutions

federico.pro

28

Federico Solutions operates a professional website focused on design, prototyping, and manufacturing services, targeting businesses seeking custom solutions. The company presents a mature market presence with a domain registered since 2009 and consistent branding. Technically, the site is built on WordPress using the Divi theme and integrates SEO and analytics tools, but lacks HTTPS, which is a significant security gap. The security posture is weak due to the absence of SSL/TLS encryption and modern security headers, exposing users to potential risks. Privacy compliance is addressed with cookie consent mechanisms and a privacy policy, though direct contact details are limited to a contact form. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

The Doppelmayr Group website for the Automated People Mover system presents a business focused on transportation solutions, specifically cable liner automated people movers designed to manage high visitor flows efficiently. The company appears to be a large, established entity in the transportation sector based in Austria, with a consistent brand presence and clear business focus. The website content is basic but includes well-structured SEO metadata and social sharing tags, indicating some digital marketing maturity. Technically, the site uses modern frameworks such as Nuxt.js and WordPress CMS, hosted behind Cloudflare CDN. However, the absence of a valid SSL certificate and lack of HTTPS severely undermine the security posture. Performance metrics are unavailable, but the presence of many prefetch and preload scripts suggests an attempt at optimization, though the lack of HTTPS is a critical flaw. Mobile optimization and accessibility are basic, with room for improvement. Security analysis reveals significant vulnerabilities: no SSL/TLS encryption, no HSTS, no DMARC, DNSSEC, or CAA records, and no security.txt or vulnerability disclosure policies. Tracking and advertising scripts are present without accompanying privacy or cookie policies, indicating poor privacy compliance. No contact or incident response information is provided, limiting transparency and trust. Overall, the website's risk profile is elevated due to missing HTTPS and privacy compliance gaps. Strategic improvements in security infrastructure, privacy policies, and contact transparency are recommended to enhance trust and compliance.

Wolford operates an international e-commerce retail website specializing in fashion products, targeting multiple countries with localized language versions. The site is built on Salesforce Commerce Cloud (Demandware) and uses modern web technologies including Google Fonts, Google reCAPTCHA, and Usercentrics for cookie consent management. Cloudflare is used as a hosting and CDN provider. However, the website lacks a valid SSL/TLS certificate, resulting in no proper HTTPS support, which is a critical security concern. The site implements some security headers but misses important configurations such as HSTS and OCSP stapling. Privacy compliance is partial, with a cookie consent mechanism present but no visible privacy policy or terms of service pages. Contact information and security policies are not found in the analyzed content, reducing transparency and trust. Overall, the website demonstrates a basic level of technical and business maturity but requires significant improvements in security and privacy compliance to meet modern standards.

S

SPIDI Friedl & Partner Unternehmensberatungs GmbH

spidi.at

28

SPIDI Friedl & Partner Unternehmensberatungs GmbH operates a professional language and intercultural learning institute based in Vienna, Austria. The company offers a broad portfolio of language courses, including group and individual training, online courses, and certification test centers such as ÖSD and Linguaskill. The business targets both private individuals and corporate clients, positioning itself as a quality provider in adult education with recognized certifications. The website reflects a mature digital presence built on WordPress with modern SEO and consent management tools, supporting GDPR compliance. However, the absence of a valid SSL certificate undermines the security posture and user trust. The company maintains clear contact channels and social media engagement, enhancing business credibility.

Post Office Limited operates a comprehensive UK-wide network providing postal, financial, travel, insurance, and identity services. The website reflects a mature digital presence with extensive service offerings and strong brand consistency. The company leverages multiple external partners for financial and travel services, integrating them seamlessly into their platform. Technically, the site uses Magnolia CMS, Akamai CDN, and common JavaScript libraries like jQuery, ensuring a robust infrastructure. However, the SSL/TLS configuration is critically flawed with an invalid certificate and no enabled TLS protocols, exposing users to security risks. Additionally, a subdomain takeover vulnerability exists on api.postoffice.co.uk, which could be exploited if not remediated. Privacy and cookie policies are comprehensive and GDPR compliant, supporting strong privacy practices. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 9 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

G

Glory Global Solutions (International) Limited

glory-global.com

40

Glory Global Solutions (International) Limited is a global enterprise specializing in cash automation and management solutions across multiple industries including retail, financial institutions, hospitality, gaming, and CIT cash centers. The company positions itself as a market leader with a comprehensive portfolio of products and services designed to enhance customer experience and operational efficiency. The website is professionally designed, content-rich, and targets B2B customers seeking advanced cash handling technologies. Technically, the site leverages modern frameworks such as Next.js and Sitecore CMS, hosted on Vercel, ensuring a good digital maturity level. However, the security posture is weakened by the absence of a valid SSL certificate and incomplete HTTPS implementation, which poses risks to user trust and data security. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates high business credibility but requires urgent security improvements to align with best practices.