High-risk security reports

E

EDITORIAL. LOGÍSTICA .LA

logistica.la

36

EDITORIAL. LOGÍSTICA .LA is a specialized editorial platform focused on logistics and supply chain management in Latin America, providing professional content, industry insights, and resources primarily in Spanish. The website is hosted on WordPress.com, leveraging WordPress CMS and related technologies such as Jetpack and Gutenberg. The site targets professionals, academics, and students interested in logistics and SCM, with a small but engaged subscriber base. Technically, the site uses modern web technologies but suffers from a critical lack of valid SSL/TLS configuration, exposing users to potential security risks. Privacy compliance is basic, with cookie consent implemented but no explicit privacy policy or terms of service found. The domain is mature and well-protected, registered with GoDaddy, supporting the site's legitimacy. Overall, the site offers valuable content but requires urgent security improvements to protect visitors and enhance trust.

G

Georg Fritzmeier GmbH & Co. KG

fritzmeier.com

30

The Fritzmeier Group is a large German manufacturing company specializing in driver cabs, composite parts, tooling, and environmental technology solutions primarily serving the Off-Highway and On-Highway industries. Their diversified business model includes multiple subsidiaries focused on specialized product areas such as cabs, composites, technology, and environmental solutions. The company maintains a strong market position with approximately 2,200 employees and a presence at major industry events. Technically, the website is built on TYPO3 CMS and served via Apache, with a moderate performance profile and good mobile optimization. Security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS, despite the presence of security headers and a content security policy. Privacy compliance is good with a comprehensive privacy policy and terms of service, but lacks a cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

The website anixter.com is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) block, presenting a security challenge page that prevents content access. As a result, no direct business information, contact details, or policy documents are available for analysis. The site is protected by Cloudflare, but lacks a valid SSL certificate and HTTPS configuration, which is a critical security deficiency. The technical infrastructure is minimal with no visible CMS or frameworks, and performance metrics cannot be assessed due to the block. Security headers are partially implemented but insufficient without proper SSL. Overall, the site exhibits a low security posture and poor content availability, limiting the ability to evaluate business credibility or compliance.

H

H.B. Fuller

hbfuller.com

40

H.B. Fuller is a well-established global manufacturer specializing in adhesives, sealants, and specialty chemical products with a 130-year history. The company serves diverse industrial sectors including electronics, medical, transportation, packaging, and construction. Their business model focuses on B2B manufacturing with strong technical support and sustainability initiatives. The website reflects a mature digital presence with comprehensive content, multi-language support, and clear navigation tailored to industrial customers and partners. Technically, the website leverages modern frameworks such as Bootstrap 5 and integrates advanced search capabilities via Coveo. It uses Cloudflare for hosting and CDN services, and employs multiple analytics and tracking tools including Google Analytics, Microsoft Clarity, Hotjar, and Application Insights. The site is mobile-optimized and SEO-friendly, though performance metrics were not available. From a security perspective, the site implements a robust Content Security Policy and uses multiple security headers. However, a critical weakness is the absence of a valid SSL certificate and lack of TLS protocol support, which severely impacts the security posture and user trust. Privacy compliance is strong, with comprehensive policies and consent management via Iubenda. Contact information and social media presence further enhance business credibility. Overall, the site is professional and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure communications and improve its security score. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and implementing HSTS and OCSP stapling to enhance security and user confidence.

D

DSC Doralt Seist Csoklich Rechtsanwälte GmbH

dsc.at

25

DSC Doralt Seist Csoklich Rechtsanwälte GmbH is a well-established Austrian law firm with over 30 years of experience, offering comprehensive legal consulting services across a broad spectrum of legal fields. The firm positions itself as a top 20 law firm in Austria, emphasizing efficiency and holistic solutions for its clients. The website reflects a professional and consistent brand image, targeting clients seeking expert legal advice primarily in Austria. The business model is focused on providing high-quality legal services with a client-centric approach. Technically, the website is built on a PHP backend with nginx server infrastructure and uses several JavaScript libraries including jQuery, Slick Carousel, Flexslider, and AOS for animations. The site employs Matomo for analytics, indicating a preference for privacy-conscious tracking. However, the website lacks a valid SSL certificate, resulting in no HTTPS support, which is a significant security shortfall. Performance metrics are not available, but the presence of multiple large images and older JavaScript libraries suggests moderate to slow loading times. From a security perspective, the absence of HTTPS and security headers such as Content-Security-Policy and HSTS reduces the overall security posture. No critical vulnerabilities or exposed sensitive data were detected, but the lack of modern security best practices is notable. Privacy compliance is well addressed with clear privacy and cookie policies, cookie consent mechanisms, and GDPR compliance indicators. Contact information is complete and clearly presented, enhancing trustworthiness. Overall, the website is professional and credible but requires urgent improvements in SSL/TLS configuration and security headers to enhance user trust and data protection. Strategic recommendations include implementing a valid SSL certificate, enabling HSTS, adding security headers, and continuing to maintain privacy compliance and transparent contact information.

S

Salinen Austria Aktiengesellschaft

salinen.com

40

Salinen Austria Aktiengesellschaft is a leading Austrian salt manufacturer specializing in high purity salt products including pharmaceutical salt, cooking salt, industrial salt, and agricultural fertilizers. The company serves both private consumers and business clients, offering a broad product portfolio and an online webshop. Their market position is strong within Austria and the surrounding region, supported by multiple country-specific sister sites. Technically, the website is built on TYPO3 CMS with modern frontend features such as lazy loading images and Google Analytics integration. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture. Security headers are partially implemented but without encryption, the site is vulnerable to interception. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Contact information is clearly presented, enhancing business credibility. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and maintain trust.

A

Amadeus International School Vienna

amadeus-vienna.com

28

Amadeus International School Vienna is a well-established private international school offering IB education and boarding services with a unique integrated Music and Arts Academy. The school targets international students and families seeking high-quality education in Vienna. The website is professionally designed with rich content and multimedia, reflecting a mature digital presence. Technically, the site is built on WordPress with modern plugins and frameworks, but suffers from a critical lack of HTTPS due to an invalid SSL certificate, which significantly impacts its security posture. Privacy and cookie policies are implemented with consent mechanisms, supporting GDPR compliance. Contact information is clearly presented, enhancing business credibility. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and enhance trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

N

NovaTaste Austria GmbH

wiberg.eu

40

WIBERG, operated by NovaTaste Austria GmbH, is a well-established international spice and culinary product supplier targeting professional chefs, gastronomy, and catering sectors. The company offers a comprehensive range of high-quality products, supported by a professional and content-rich website that includes detailed product information, recipes, and sustainability commitments. Technically, the website is built on modern frameworks such as Next.js and React, hosted likely on Microsoft Azure, and demonstrates good design and user experience. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. While several security headers are implemented, the lack of HTTPS undermines these protections. Privacy compliance is good with a comprehensive privacy policy, but no explicit cookie consent mechanism was detected. Overall, the website is credible and professional but requires urgent security improvements to protect user data and enhance trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 10 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

W

WTW

willistowerswatson.com

40

WTW is a global enterprise specializing in risk management, employee benefits, and capital solutions. The company offers comprehensive consulting services aimed at helping organizations optimize their human capital, manage risks, and leverage capital effectively. The website reflects a mature digital presence with multi-language support and a clear focus on professional service delivery. Technically, the site uses modern frameworks such as Bootstrap and Sitecore CMS, integrated with advanced search and video technologies. However, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which undermines HTTPS security benefits. Privacy compliance is strong with clear cookie and privacy policies, and the site employs extensive analytics and marketing tools. Overall, the site is professional and trustworthy but requires urgent remediation of SSL and TLS issues to improve security and user trust.

Accenture Austria operates as a leading management consulting, technology services, and outsourcing company, serving clients primarily in Germany and Austria. The website reflects a mature digital presence with comprehensive content, strong branding, and extensive service offerings across multiple sectors including technology, energy, finance, and manufacturing. The technical infrastructure leverages Adobe Experience Manager CMS and a suite of Adobe marketing and analytics tools, hosted on Amazon CloudFront CDN, ensuring a robust platform for content delivery and user engagement. However, the site suffers from a critical security shortfall due to an invalid SSL certificate and lack of modern TLS protocol support, which undermines user trust and data security. Security headers are implemented but the Content-Security-Policy is weak, allowing unsafe script execution. Privacy compliance is well addressed with clear privacy and cookie policies managed via OneTrust. Overall, the site is professional and credible but requires urgent remediation of SSL and CSP issues to enhance security posture.

F

Fercam S.p.A.

fercam.com

40

FERCAM S.p.A. is a well-established logistics and transport company with over 75 years of experience, offering a broad range of services including road, air, and ocean freight, integrated logistics, customs consulting, and specialized transport services. The company operates primarily in Europe with presence in Asia and Africa, targeting businesses requiring comprehensive supply chain solutions. The website demonstrates a good level of digital maturity with multi-language support, structured navigation, and integration of modern analytics and marketing tools. However, the absence of HTTPS and a valid SSL certificate significantly weakens the security posture, exposing users to potential risks. Privacy and cookie policies are present and supported by consent mechanisms, indicating compliance with GDPR standards. Overall, the site is professional and trustworthy but requires urgent security improvements.

Schullin Wien is a well-established luxury jewelry and watch retailer based in Vienna, Austria, with a rich family tradition dating back to 1802 and formal business founding in 1974. The company specializes in fine jewelry design and manufacturing, luxury watch sales including Rolex, and certified pre-owned Rolex watches. Their market position is strong within the luxury retail sector, targeting affluent customers seeking unique and high-quality pieces. The website reflects a mature digital presence with multilingual support, rich content, and integration of modern web technologies such as WordPress, WooCommerce, Alpine.js, and Swiper.js. Marketing and analytics tools like Google Analytics, Facebook Pixel, and Adobe Analytics are actively used with GDPR-compliant cookie consent mechanisms in place. However, the security posture is significantly weakened by the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical vulnerability that undermines user trust and data protection. The site employs standard security headers but lacks advanced protections such as HSTS and OCSP stapling. Overall, the business credibility and content quality are high, but urgent remediation of SSL/TLS issues is necessary to ensure secure user interactions and compliance with best practices.

The website atronic.com currently serves as a minimal placeholder with a frameset redirecting visitors to an external domain (www.igt.com). There is no substantive content, metadata, or business information presented on the site. The technical infrastructure is basic, running an outdated nginx server without HTTPS support or modern security configurations. This results in a poor security posture and low trustworthiness. No privacy, cookie, or terms of service policies are present, and no contact or company information is available, indicating the site is not actively maintained or used for business purposes. Overall, the site lacks digital maturity and does not meet basic security or compliance standards.

The website spalinger.com is registered since 2000 and is a mature domain managed by GoDaddy.com, LLC. However, the website content is minimal, consisting only of a redirect script to /lander, with no metadata, contact information, or business details present. The technical infrastructure shows hosting on AWS IP addresses but lacks a valid SSL/TLS certificate and HTTPS support, resulting in a poor security posture. No security headers or privacy policies are implemented, and no analytics or advertising tools are detected. The domain registration is consistent and transparent, but the website itself appears underdeveloped or placeholder, limiting its business credibility and user trust. Overall, the site is not currently suitable for professional or commercial use without significant development and security improvements.

A

Allnex GMBH

allnex.com

40

Allnex GmbH is a global leader in the manufacturing of industrial coating resins, adhesives, sealants, and specialty coatings. The company targets industrial manufacturers and formulators in the chemical and coatings industries, offering a broad portfolio of products and technical support. The website reflects a mature enterprise-grade digital presence with comprehensive content, clear navigation, and multi-language support, indicating a global market reach. Technically, the site is built on ASP.NET with Kentico CMS, hosted likely on Microsoft Azure, and employs modern web technologies including lazy loading and SVG icons. However, the security posture is weak due to an invalid SSL certificate and lack of TLS protocol support, which critically impacts trust and data protection. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to ensure safe user interactions and data protection.

I

illwerke vkw AG

illwerkevkw.at

40

illwerke vkw AG is a well-established energy company based in Austria, specializing in renewable energy production including hydropower, wind, and photovoltaic sources, as well as energy trading and supply. The company has a strong regional presence in Vorarlberg and operates several subsidiaries in related sectors such as energy networks and tourism. The website reflects a professional and consistent brand image with comprehensive business information and active social media engagement. Technically, the site uses modern JavaScript libraries and frameworks, including Bootstrap and jQuery, and integrates Google Tag Manager and Usercentrics for analytics and consent management. However, the lack of a valid SSL certificate and HTTPS support is a significant security shortfall, impacting the overall security posture and user trust. Privacy policies and cookie consent mechanisms are well implemented, indicating good compliance with GDPR requirements. Overall, the website is informative and user-friendly but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

B

Bridgestone Americas, Inc.

bridgestoneamericas.com

40

Bridgestone Americas, Inc. is a leading enterprise in the transportation sector specializing in tire manufacturing and sustainable mobility solutions. Founded in 1931 and operating as a subsidiary of Bridgestone Corporation, the company maintains a strong market position with a comprehensive digital presence. The website reflects a professional and consistent brand image, targeting both consumers and business clients with detailed corporate information and resources. Technically, the site leverages modern frameworks such as Adobe Experience Manager and Vuetify, supported by a robust hosting infrastructure on AWS. However, a critical security gap exists due to an invalid or missing SSL certificate, severely impacting the site's security posture. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the site is trustworthy and professionally maintained but requires urgent remediation of its SSL configuration to ensure secure user interactions.

Romeo Mori operates a professional photography portfolio website showcasing a curated selection of fashion, portrait, editorial, and campaign photography. The site targets fashion brands, advertising agencies, editorial magazines, and individuals seeking high-quality photography services. The business model is service-oriented, focusing on creative photography presentations tailored to client needs. The website is built using Adobe Muse with jQuery and RequireJS, hosted on one.com, but suffers from slow load times and lacks modern performance optimizations. Security posture is weak due to the absence of a valid SSL certificate, no HTTPS support, and missing security headers, exposing the site to potential risks and undermining user trust. Privacy compliance is minimal with no privacy or cookie policies present. Overall, the site is professional in content and design but requires significant improvements in security and compliance to enhance trust and protect visitors.

IFS is a global enterprise software solution provider specializing in ERP, EAM, FSM, and ESM solutions with a strong emphasis on Industrial AI (IFS.ai). The company targets industrial and enterprise customers requiring advanced asset and service management solutions. Their market position is strong, supported by industry accolades and a large enterprise presence. Technically, the website uses a modern tech stack including Bootstrap, jQuery, and various JavaScript libraries, hosted on Akamai CDN, with Sitecore CMS inferred. Security headers are well implemented, but the SSL certificate is currently invalid or missing, which is a critical issue. Privacy and cookie policies are present with consent mechanisms, indicating good compliance posture. Overall, the website is professional, content-rich, and trustworthy, though SSL issues need urgent resolution.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

A

A&N GesbR

shelfie.at

40

The website shelfie.at is currently a coming soon placeholder page for the company A&N GesbR, represented by Philipp Asanger and Manuel Nobis, located in Linz, Austria. The site provides minimal business information, primarily a logo and contact address, with no detailed description of services or products. The business appears to be small and in early stages of web presence development. Technically, the site is built on WordPress using the SeedProd coming soon plugin, with Tailwind CSS and FontAwesome for styling, and jQuery for scripting. It is hosted behind Cloudflare with valid SSL, but the SSL certificate dates appear inconsistent, possibly due to data error. The site performance is slow with a high load time, and lacks modern security headers and HSTS enforcement. Mobile optimization and accessibility are basic. From a security perspective, HTTPS is enabled with a valid certificate, but no additional security headers or policies are implemented. There are no forms or data collection points, reducing attack surface but also limiting user engagement. No privacy, cookie, or terms of service policies are present, indicating low privacy compliance. DNSSEC and CAA are not enabled, and no vulnerability disclosure or incident response information is provided. Overall, the site is low risk but also low maturity in security and privacy posture. Strategic recommendations include implementing security headers and HSTS, adding privacy and cookie policies to comply with GDPR, improving site performance, and expanding business content to enhance credibility and user trust.

H

HOLZWURM Werkzeuge

holzwurm-werkzeuge.de

40

HOLZWURM Werkzeuge is a small Austrian e-commerce business specializing in selling creative tools for hobbyists and crafters, primarily via online marketplaces such as Amazon and Etsy, as well as their own WooCommerce-based shop. Founded in 2017, the company emphasizes quality and customer satisfaction, targeting a broad audience of creative individuals. The website is built on WordPress with WooCommerce and uses modern web technologies and marketing tools including Cookiebot for consent management and Facebook Pixel for tracking. However, the site lacks a valid SSL certificate, exposing visitors to security risks and undermining trust. Privacy policies and terms of service are present and GDPR compliance is partially addressed through cookie consent mechanisms. Contact information is complete and transparent, supporting business credibility.

A

AXIS Flight Training Systems GmbH

axis-simulation.com

38

AXIS Flight Training Systems GmbH is a medium-sized Austrian company specializing in the design and manufacture of advanced flight simulation solutions, including full flight simulators and training devices that comply with international aviation standards such as EASA, FAA, and ICAO. Founded in 2004, AXIS positions itself as an innovator in the flight simulation industry, emphasizing quality, efficiency, and responsiveness to customer needs. The company maintains ISO 9001-2015 certification and has committed to CO2 neutrality since 2021, reflecting corporate responsibility values. Technically, the website is built on WordPress with Elementor and integrates various plugins for event management, galleries, and cookie consent. The site uses Google Analytics and Google Ads for analytics and marketing, with a compliant cookie consent mechanism in place. However, the website lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability. The DNS configuration shows some malformed CAA records, and no modern TLS protocols are enabled, exposing the site to potential security risks. Security posture is weak due to the absence of HTTPS and related security headers, although no active vulnerabilities or malware were detected. Privacy compliance is strong, with clear privacy and cookie policies and user consent mechanisms. Business credibility is high, supported by detailed company information, social media presence, and trust indicators such as certifications and CO2 neutrality. Overall, the website is professional and content-rich but requires urgent security improvements, particularly SSL/TLS implementation, to protect user data and enhance trustworthiness.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

K

KISSA Tea

kissatea.com

40

KISSA Tea operates a premium e-commerce platform specializing in organic matcha tea and related accessories, targeting health-conscious and lifestyle consumers primarily in Europe. The website is built on Shopify and leverages multiple marketing and analytics tools to enhance customer engagement and sales. While the site demonstrates excellent content quality, branding consistency, and user experience, a critical security gap exists due to the absence of a valid SSL certificate, undermining HTTPS security. The presence of comprehensive privacy and cookie policies with consent mechanisms reflects good compliance posture. Overall, the business appears legitimate and well-positioned in its niche, but immediate remediation of SSL/TLS issues is essential to protect customer data and maintain trust.

D

Die Grünen

gruene.at

36

Die Grünen Austria is a well-established political party focused on environmental protection, social justice, and green policies. The website serves as a comprehensive platform for information dissemination, event promotion, and member engagement, targeting Austrian citizens interested in green politics. The site is professionally designed with excellent content quality, clear navigation, and strong branding consistency. Technically, it is built on WordPress with modern frameworks and uses Cloudflare for hosting and CDN services. However, the absence of a valid SSL certificate and HTTPS significantly weakens its security posture. Privacy compliance is well addressed through GDPR-compliant consent management and detailed privacy policies. Overall, the site is trustworthy and credible but requires urgent security improvements.

A

Arzneiwerk AG

teles.com

38

Arzneiwerk AG is a healthcare company specializing in securing the supply of newly developed or rare specialty pharmaceuticals across Europe. The company maintains a professional online presence focused on investor relations and business transparency. The website is built on WordPress using Elementor and includes SEO and cookie consent tools, indicating a moderate level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support represents a significant security gap, exposing users to potential risks. Privacy policies are present and GDPR compliant, but no explicit security or incident response policies are found. Overall, the business appears legitimate and consistent with its domain registration and content, but security improvements are critical to enhance trust and compliance.

The website amiraair.at is currently a parked domain landing page with no active business content or services. It primarily serves as a domain for sale advertisement, targeting potential domain buyers or investors. The site lacks any company branding, contact information, or business descriptions, indicating it is not currently used for commercial operations. Technically, the site is hosted on Hetzner Online with nginx and Caddy components, and uses several advertising and tracking scripts from parkingcrew.net and Google Adsense Domains CAF. However, the site lacks HTTPS support and has no valid SSL certificate, exposing it to security risks and reducing user trust. Security headers and best practices are minimal or absent, and no privacy or cookie consent mechanisms are implemented beyond a basic privacy policy link. Overall, the site’s security posture is weak, and its technical and content quality is poor, reflecting its status as a parked domain rather than an active business website.

G

Gruppo Codognotto

codognotto.eu

39

Gruppo Codognotto is a well-established logistics and freight transport company based in Italy, offering integrated logistics services including sea, air, and road transport, customs handling, and warehousing. The company operates a large fleet across multiple countries and holds recognized ISO certifications, positioning itself as a reliable third-party logistics provider in the European and international markets. The website reflects a professional business presence with clear service offerings and relevant content for its target audience. Technically, the site runs on Drupal 7 with common web technologies like jQuery and Bootstrap, but suffers from outdated CMS usage and lacks a valid SSL certificate, which significantly impacts its security posture. Security headers are partially implemented, but the absence of HTTPS and modern TLS protocols exposes users to risks. Privacy and cookie policies exist but are basic, with limited GDPR compliance indicators. Contact information is available via email and forms, but no phone numbers or physical addresses are explicitly provided. Overall, the website demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

K

KOHLBACH

kohlbach.at

34

KOHLBACH is a company specializing in biomass energy solutions, targeting businesses and organizations interested in sustainable energy production. The website presents a basic digital presence with minimal content and limited business information. The technical infrastructure uses modern JavaScript frameworks such as React and integrates third-party services like CookiePro for cookie consent and Google Tag Manager for analytics. However, the website lacks HTTPS, which is a critical security deficiency, and does not provide privacy policies or contact information, limiting trust and compliance. Security posture is weak due to missing SSL, lack of security headers beyond Content-Security-Policy, and absence of domain security features like DMARC and DNSSEC. Overall, the site is functional but requires significant improvements in security and compliance to meet industry standards.

S

Stork

stork.com

40

Stork is an established industrial services company focused on asset management, maintenance, and consultancy primarily in the energy and process industries. Recently acquired by Bilfinger, Stork operates under its umbrella in several key countries including Belgium, the Netherlands, Germany, and the USA. The website presents a comprehensive overview of their services and global presence, targeting industrial clients seeking lifecycle asset support. Technically, the site uses modern React technology but suffers from slow load times and lacks a valid SSL certificate, which impacts its security posture. Privacy compliance is well addressed with clear cookie and privacy policies including consent mechanisms. However, explicit contact details like emails and phone numbers are not readily available, relying mainly on contact forms. Overall, the site is professional and trustworthy but would benefit from improved security configurations and performance optimizations.

N

NCR Corporation

ncr.com

40

The website for ncr.com serves as a landing page announcing the corporate split of NCR Corporation into two distinct entities: NCR Voyix and NCR Atleos. NCR Voyix focuses on providing digital commerce solutions to retailers and restaurants globally, while NCR Atleos specializes in expanding financial access through self-service channels and ATM network services. The site targets business clients in retail, restaurant, and financial sectors, positioning itself as a leading enterprise in technology-driven commerce and financial services. Technically, the site is built using Webflow CMS, hosted behind Cloudflare, and employs jQuery and Google Fonts. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security shortfall. Security headers are present but insufficient without proper SSL/TLS configuration. No privacy, cookie, or terms of service policies are found, and no contact information or forms are provided, limiting user engagement and compliance transparency. Overall, the site demonstrates good design and branding consistency but requires significant improvements in security and privacy compliance to meet enterprise standards.

The website amsc-windtec.com currently serves only a parking or under construction page with no active business content or services presented. The domain lacks DNS records and a valid SSL certificate, resulting in no HTTPS support and poor security posture. The site includes third-party ad scripts from suspicious domains, further reducing trustworthiness. There is no privacy policy, cookie policy, terms of service, or contact information available, indicating a lack of compliance and transparency. Overall, the site does not represent an active or legitimate business presence online. From a technical perspective, the infrastructure is minimal and outdated, with no modern security protocols or performance optimizations. The absence of DNS records and SSL suggests the domain is parked or abandoned. The site is not mobile optimized and lacks accessibility and SEO best practices. Security evaluation reveals critical vulnerabilities including no HTTPS, no security headers, and no incident response or data protection policies. The presence of third-party ad scripts without consent mechanisms raises privacy concerns. The domain's WHOIS data is incomplete or unavailable, limiting trust and legitimacy assessments. Given these findings, the overall risk is high for users attempting to interact with this domain. Strategic recommendations include obtaining a valid SSL certificate, configuring DNS properly, removing third-party ad scripts, and developing a compliant, content-rich website with clear business and contact information.

C

Caterpillar Energy Solutions GmbH

mwm.net

28

MWM, operating under Caterpillar Energy Solutions GmbH, is a well-established company specializing in highly efficient and environmentally friendly combined heat and power plants and block heating power plants. With over 150 years of experience, the company offers a broad portfolio of gas engines and power generation solutions targeting industrial, commercial, and public utility sectors globally. The website reflects a mature digital presence with comprehensive product and service information, supported by a global service and sales network. Technically, the site is built on WordPress with common libraries and plugins, but suffers from a critical lack of a valid SSL certificate, which severely impacts its security posture. Privacy policies and GDPR compliance are well addressed, and contact is primarily via web forms. Overall, the site is professional and trustworthy but requires urgent security improvements.

C

Chez Bruce

chezbruce.co.uk

33

Chez Bruce is a small, established restaurant business located in the United Kingdom with a mature domain age of 21 years. The website provides basic information about the restaurant, its food and wine offerings, booking options, and contact details. The business targets local diners and visitors seeking a fine dining experience. The website uses WordPress CMS with jQuery and integrates a third-party booking widget from SevenRooms. However, the technical infrastructure lacks modern security measures, notably the absence of a valid SSL certificate and HTTPS, which significantly impacts user trust and security. The website content is minimal and lacks privacy and cookie policies, indicating poor compliance with data protection regulations. Contact information is clearly presented but limited to phone numbers and a physical address, with no company email addresses found.

The website falstaff.at is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) block, presenting a security challenge page instead of actual business content. This prevents a full assessment of the company's online presence, business model, or services. The domain is registered and has DNS records consistent with operational email infrastructure, but no valid SSL certificate is installed, and HTTPS is not properly configured. The lack of visible content, contact information, or compliance policies indicates a very limited digital footprint at this time. Technically, the site relies on Cloudflare for security and hosting services but fails to implement essential security best practices such as valid SSL/TLS, HSTS, and OCSP stapling. Performance and accessibility cannot be evaluated due to the blocked content. The presence of Cloudflare Insights indicates minimal analytics tracking. From a security perspective, the absence of HTTPS and the presence of a WAF block significantly reduce the trustworthiness and usability of the site. No privacy, cookie, or terms of service policies are found, and no contact or incident response information is available. The domain registration data appears consistent and legitimate but lacks detailed WHOIS information to confirm domain age or registrant identity. Overall, the site scores very low on content quality, technical implementation, security posture, privacy compliance, and business credibility due to the blocking and missing information. Strategic recommendations include resolving SSL issues, publishing essential policies, providing clear contact information, and ensuring the site is accessible to legitimate users to improve trust and compliance.

The website pgkengineering.com is currently inactive and displays a Squarespace default expiration notice indicating the account has expired. No business content, contact information, or policies are present, making it impossible to assess the company's services, market position, or target audience. The technical infrastructure is minimal, relying on Squarespace hosting with no SSL certificate configured, resulting in an insecure HTTP-only site. Security posture is weak due to lack of HTTPS, missing security headers, and no modern TLS protocols enabled. Overall, the site is non-functional and does not provide any business or security assurances. Strategic recommendations include renewing the hosting account, implementing HTTPS with a valid SSL certificate, and publishing essential business and compliance information to restore trust and functionality.

wengermayer business consulting is a small Austrian consulting firm specializing in human-centric organizational development, communication culture, conflict management, and personnel development. Their services focus on supporting businesses where human interaction and development are central. The website is built on Contao CMS and hosted on an Apache server with Ubuntu, using various JavaScript libraries for UI enhancements. However, the site lacks HTTPS, which is a critical security vulnerability. Cookie consent is implemented via Cookiebot, indicating awareness of privacy compliance. Social media presence on XING, LinkedIn, Facebook, and Twitter supports business credibility. Overall, the technical infrastructure is basic with room for modernization and security improvements.

F

FLSmidth A/S

flsmidth.com

39

FLSmidth A/S is a global leader in mineral processing equipment and services, serving the mining industry with a comprehensive portfolio of products, parts, and digital solutions. The company emphasizes sustainability through its MissionZero program, aiming for zero-emissions mining by 2030. The website is built on a modern Next.js framework and hosted on Vercel, reflecting a mature digital infrastructure. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS enforcement, which significantly impacts the site's security posture. Despite this, the site provides extensive business and investor information, clear contact details, and demonstrates good privacy compliance with comprehensive legal pages. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

W

Wipro

wipro.com

40

Wipro is a mature, global enterprise specializing in digital transformation and IT services, offering a broad portfolio including cloud, AI, cybersecurity, and consulting. The website reflects a professional and content-rich digital presence targeting enterprise clients worldwide. Technically, the site uses modern marketing and analytics technologies and is hosted on AWS with Adobe Experience Manager CMS. However, critical security issues exist due to an invalid SSL certificate and lack of modern TLS protocol support, which significantly impacts the security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent remediation of SSL and TLS configurations to ensure secure user interactions.

ج

جامعة الملك سعود

ksu.edu.sa

37

King Saud University is a large, well-established academic institution in Saudi Arabia, founded in 1957. It offers comprehensive educational and research services and holds a strong market position as one of the largest universities globally by area. The website is built on Drupal 9 with modern frontend technologies and provides rich content primarily in Arabic with English support. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security flaw that undermines user trust and data protection. Privacy and cookie policies are present, but no explicit security or incident response policies were found. The university maintains a strong digital presence with official social media channels and mobile applications. Overall, the website is professional and content-rich but requires urgent security improvements to meet modern standards.

D

Dr. Andreas Riedler Facharzt für HNO, Kopf- und Halschirurgie

der-hno-arzt.at

40

Dr. Andreas Riedler operates a specialized ENT medical practice based in Wels, Austria, providing comprehensive ear, nose, and throat healthcare services including examinations, therapies, and surgeries. The website targets local patients seeking trusted medical care and emphasizes personalized patient relationships and appointment scheduling. Technically, the website is built on a CMS platform (ZMS) with standard web technologies and integrates Matomo analytics for user behavior tracking with privacy opt-out features. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant security weaknesses that undermine user trust and data protection. Privacy and cookie policies are present but basic, and no terms of service or incident response policies are published. Overall, the website is functional and professionally presented but requires urgent security improvements to meet modern standards.

R

Raiffeisen Informatik GmbH & Co KG

raiffeiseninformatik.at

40

Raiffeisen Informatik GmbH & Co KG is a well-established IT service provider specializing in comprehensive IT solutions for financial and insurance sectors, with over 50 years of experience and a strong presence in Austria and neighboring countries. The company offers a broad range of services including data center operations, security services, IT consulting, and banking and insurance solutions. Their business model focuses on close collaboration with clients from planning through operation, supported by a large workforce and significant annual revenue. Technically, the website is built on WordPress with Apache server infrastructure and uses Cloudflare for DNS, but critically lacks a valid SSL certificate, exposing it to security risks. Security headers are implemented, but without HTTPS the security posture is severely weakened. Privacy compliance is basic with no visible cookie consent or incident response information. Overall, the website is professional and content-rich, but the lack of HTTPS is a major security concern that must be addressed urgently.

S

SonnenMoor

sonnenmoor.at

40

SonnenMoor is an established Austrian family-owned business specializing in natural health products and remedies, operating since 1972. The company leverages a Shopify-based e-commerce platform to serve both retail consumers and business partners, with a strong focus on natural, herbal, and moor-based products. The website is professionally designed, content-rich, and provides comprehensive contact and support information, including personal consultation services. Technically, the site uses modern e-commerce technologies and integrates multiple marketing and analytics tools with GDPR-compliant consent mechanisms. However, a critical security issue is the lack of a valid SSL certificate and disabled TLS protocols, which significantly impacts the security posture and user trust. The domain registration data aligns well with the business claims, indicating legitimacy and consistency. Strategic improvements in SSL/TLS configuration are essential to enhance security and trust.

T

Tulsa Public Schools

tulsaschools.org

40

Tulsa Public Schools operates a comprehensive public education system serving a large student population in Tulsa, Oklahoma. The website provides extensive resources for students, families, educators, and community members, including enrollment information, academic programs, family support, and career opportunities. The district positions itself as a community-focused organization committed to equity, excellence, and student success. Technically, the site leverages modern analytics and marketing tools, a reputable CMS (Finalsite), and Cloudflare for hosting and security. However, a critical security gap exists due to the absence of a valid SSL certificate, which undermines the secure delivery of content and user trust. Privacy and cookie policies are not explicitly found, indicating potential compliance gaps. Overall, the site is professional and trustworthy but requires urgent security improvements to meet modern standards.

KWR Karasek Wietrzyk Rechtsanwälte GmbH is a leading Austrian law firm specializing in Wirtschaftsrecht (business law) with over 20 years of experience. The firm offers a broad range of legal services including construction law, intellectual property, dispute resolution, and more, targeting national and international corporate clients. The website is professionally designed, content-rich, and well-structured, reflecting the firm's strong market position and reputation supported by multiple industry recognitions such as Chambers and Legal 500. Technically, the site is built on TYPO3 CMS with modern frontend frameworks and includes user privacy mechanisms like cookie consent and optional Matomo analytics. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap, exposing users to risks and undermining trust. Security headers are partially implemented but require enhancement. Overall, the site demonstrates good privacy compliance and business credibility but must urgently address its SSL/TLS configuration to improve security posture and user trust.

Q

Quest Global

quest-global.com

40

Quest Global is a well-established global engineering services provider with over 21,000 employees across 18 countries and 84 centers. The company specializes in delivering end-to-end engineering solutions across multiple industries including aerospace, automotive, healthcare, and energy. Their business model focuses on B2B partnerships with large enterprises, leveraging digital and embedded engineering expertise to solve complex engineering challenges. The website reflects a professional and comprehensive digital presence with strong branding and trusted partnerships with major technology companies such as NVIDIA, Microsoft, AWS, and Google Cloud. Technically, the website is built on WordPress with Elementor and hosted on WP Engine behind Cloudflare CDN. It uses modern marketing and analytics tools like HubSpot and Google Tag Manager. However, performance metrics are not provided, and the site shows signs of slow loading. Mobile optimization and SEO are good, but accessibility is basic. From a security perspective, the site has several strong security headers implemented, but critically lacks a valid SSL/TLS certificate and does not support any TLS protocols, which is a major vulnerability. This significantly reduces the security posture and exposes users to risks. Privacy compliance is good with clear privacy and cookie policies and consent mechanisms in place, but no explicit security policy or incident response contacts are found. Overall, the website is professional and credible but urgently needs to address its SSL/TLS configuration to ensure secure communications and improve trustworthiness. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, enhancing security headers, and publishing explicit security and incident response policies.