Security Directory

I

illwerke vkw AG

illwerkevkw.at

0

illwerke vkw AG is a well-established energy company based in Austria, specializing in renewable energy production including hydropower, wind, and photovoltaic sources, as well as energy trading and supply. The company has a strong regional presence in Vorarlberg and operates several subsidiaries in related sectors such as energy networks and tourism. The website reflects a professional and consistent brand image with comprehensive business information and active social media engagement. Technically, the site uses modern JavaScript libraries and frameworks, including Bootstrap and jQuery, and integrates Google Tag Manager and Usercentrics for analytics and consent management. However, the lack of a valid SSL certificate and HTTPS support is a significant security shortfall, impacting the overall security posture and user trust. Privacy policies and cookie consent mechanisms are well implemented, indicating good compliance with GDPR requirements. Overall, the website is informative and user-friendly but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

T

traffic3 GmbH

traffic3.net

0

traffic3 GmbH is a specialized online marketing agency based in Vienna, Austria, focusing on performance marketing services such as Google Ads, SEO, web analytics, video and social ads, programmatic advertising, and conversion optimization. The company holds reputable certifications including Google Ads Premier Partner and Google Analytics Certified Service Partner, positioning it as a trusted player in the digital marketing sector. The website content is rich, professionally designed, and targets businesses seeking expert online marketing solutions primarily in Austria. Technically, the website employs modern JavaScript and consent management tools but lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. Performance is slow, with a page load time exceeding 14 seconds, which may affect user experience. Privacy compliance is well addressed with comprehensive policies and a consent mechanism in place. Contact information is clearly presented, enhancing business credibility. Overall, the site demonstrates strong business legitimacy but requires urgent security improvements.

B

Bridgestone Americas, Inc.

bridgestoneamericas.com

0

Bridgestone Americas, Inc. is a leading enterprise in the transportation sector specializing in tire manufacturing and sustainable mobility solutions. Founded in 1931 and operating as a subsidiary of Bridgestone Corporation, the company maintains a strong market position with a comprehensive digital presence. The website reflects a professional and consistent brand image, targeting both consumers and business clients with detailed corporate information and resources. Technically, the site leverages modern frameworks such as Adobe Experience Manager and Vuetify, supported by a robust hosting infrastructure on AWS. However, a critical security gap exists due to an invalid or missing SSL certificate, severely impacting the site's security posture. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the site is trustworthy and professionally maintained but requires urgent remediation of its SSL configuration to ensure secure user interactions.

Romeo Mori operates a professional photography portfolio website showcasing a curated selection of fashion, portrait, editorial, and campaign photography. The site targets fashion brands, advertising agencies, editorial magazines, and individuals seeking high-quality photography services. The business model is service-oriented, focusing on creative photography presentations tailored to client needs. The website is built using Adobe Muse with jQuery and RequireJS, hosted on one.com, but suffers from slow load times and lacks modern performance optimizations. Security posture is weak due to the absence of a valid SSL certificate, no HTTPS support, and missing security headers, exposing the site to potential risks and undermining user trust. Privacy compliance is minimal with no privacy or cookie policies present. Overall, the site is professional in content and design but requires significant improvements in security and compliance to enhance trust and protect visitors.

B

Bischöflich Münstersches Offizialat

bmo-vechta.de

0

The Bischöflich Münstersches Offizialat website serves as an official regional church institution platform providing a wide range of services including church law, pastoral care, education, and prevention of sexualized violence. It targets the Catholic community and church stakeholders in the Oldenburger Land region of Germany. The site is built on TYPO3 CMS and integrates various extensions for search and event management, reflecting a moderate level of digital maturity. However, the absence of HTTPS is a critical security flaw that undermines user trust and data protection. The website lacks a cookie consent mechanism and explicit security or incident response policies, which are important for GDPR compliance and overall security posture. Despite these issues, the site presents professional content with clear navigation and consistent branding, supported by links to reputable church partners.

IFS is a global enterprise software solution provider specializing in ERP, EAM, FSM, and ESM solutions with a strong emphasis on Industrial AI (IFS.ai). The company targets industrial and enterprise customers requiring advanced asset and service management solutions. Their market position is strong, supported by industry accolades and a large enterprise presence. Technically, the website uses a modern tech stack including Bootstrap, jQuery, and various JavaScript libraries, hosted on Akamai CDN, with Sitecore CMS inferred. Security headers are well implemented, but the SSL certificate is currently invalid or missing, which is a critical issue. Privacy and cookie policies are present with consent mechanisms, indicating good compliance posture. Overall, the website is professional, content-rich, and trustworthy, though SSL issues need urgent resolution.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

A

A&N GesbR

shelfie.at

0

The website shelfie.at is currently a coming soon placeholder page for the company A&N GesbR, represented by Philipp Asanger and Manuel Nobis, located in Linz, Austria. The site provides minimal business information, primarily a logo and contact address, with no detailed description of services or products. The business appears to be small and in early stages of web presence development. Technically, the site is built on WordPress using the SeedProd coming soon plugin, with Tailwind CSS and FontAwesome for styling, and jQuery for scripting. It is hosted behind Cloudflare with valid SSL, but the SSL certificate dates appear inconsistent, possibly due to data error. The site performance is slow with a high load time, and lacks modern security headers and HSTS enforcement. Mobile optimization and accessibility are basic. From a security perspective, HTTPS is enabled with a valid certificate, but no additional security headers or policies are implemented. There are no forms or data collection points, reducing attack surface but also limiting user engagement. No privacy, cookie, or terms of service policies are present, indicating low privacy compliance. DNSSEC and CAA are not enabled, and no vulnerability disclosure or incident response information is provided. Overall, the site is low risk but also low maturity in security and privacy posture. Strategic recommendations include implementing security headers and HSTS, adding privacy and cookie policies to comply with GDPR, improving site performance, and expanding business content to enhance credibility and user trust.

H

HOLZWURM Werkzeuge

holzwurm-werkzeuge.de

0

HOLZWURM Werkzeuge is a small Austrian e-commerce business specializing in selling creative tools for hobbyists and crafters, primarily via online marketplaces such as Amazon and Etsy, as well as their own WooCommerce-based shop. Founded in 2017, the company emphasizes quality and customer satisfaction, targeting a broad audience of creative individuals. The website is built on WordPress with WooCommerce and uses modern web technologies and marketing tools including Cookiebot for consent management and Facebook Pixel for tracking. However, the site lacks a valid SSL certificate, exposing visitors to security risks and undermining trust. Privacy policies and terms of service are present and GDPR compliance is partially addressed through cookie consent mechanisms. Contact information is complete and transparent, supporting business credibility.

A

AXIS Flight Training Systems GmbH

axis-simulation.com

0

AXIS Flight Training Systems GmbH is a medium-sized Austrian company specializing in the design and manufacture of advanced flight simulation solutions, including full flight simulators and training devices that comply with international aviation standards such as EASA, FAA, and ICAO. Founded in 2004, AXIS positions itself as an innovator in the flight simulation industry, emphasizing quality, efficiency, and responsiveness to customer needs. The company maintains ISO 9001-2015 certification and has committed to CO2 neutrality since 2021, reflecting corporate responsibility values. Technically, the website is built on WordPress with Elementor and integrates various plugins for event management, galleries, and cookie consent. The site uses Google Analytics and Google Ads for analytics and marketing, with a compliant cookie consent mechanism in place. However, the website lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability. The DNS configuration shows some malformed CAA records, and no modern TLS protocols are enabled, exposing the site to potential security risks. Security posture is weak due to the absence of HTTPS and related security headers, although no active vulnerabilities or malware were detected. Privacy compliance is strong, with clear privacy and cookie policies and user consent mechanisms. Business credibility is high, supported by detailed company information, social media presence, and trust indicators such as certifications and CO2 neutrality. Overall, the website is professional and content-rich but requires urgent security improvements, particularly SSL/TLS implementation, to protect user data and enhance trustworthiness.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

K

KISSA Tea

kissatea.com

0

KISSA Tea operates a premium e-commerce platform specializing in organic matcha tea and related accessories, targeting health-conscious and lifestyle consumers primarily in Europe. The website is built on Shopify and leverages multiple marketing and analytics tools to enhance customer engagement and sales. While the site demonstrates excellent content quality, branding consistency, and user experience, a critical security gap exists due to the absence of a valid SSL certificate, undermining HTTPS security. The presence of comprehensive privacy and cookie policies with consent mechanisms reflects good compliance posture. Overall, the business appears legitimate and well-positioned in its niche, but immediate remediation of SSL/TLS issues is essential to protect customer data and maintain trust.

4ward Energy Research GmbH is a specialized research institution focused on energy technologies and energy economics. The company offers a broad range of services including technology development, business model creation, concept and study preparation, simulations, and knowledge transfer. Their expertise spans project leadership and coordination, particularly within national and EU research funding frameworks. The website targets research projects, companies, and municipalities involved in the energy sector, positioning itself as a reliable partner with extensive experience and a strong network. Technically, the website is built on TYPO3 CMS with modern frontend libraries such as Bootstrap and jQuery, ensuring good mobile responsiveness and user experience. However, the site lacks HTTPS support, which is a critical security shortfall. Security headers are minimal but some best practices like X-Content-Type-Options are implemented. Privacy compliance is addressed with a cookie consent mechanism and a comprehensive privacy policy in German. Contact information is clearly presented with official company email, phone, and physical address. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

D

Die Grünen

gruene.at

0

Die Grünen Austria is a well-established political party focused on environmental protection, social justice, and green policies. The website serves as a comprehensive platform for information dissemination, event promotion, and member engagement, targeting Austrian citizens interested in green politics. The site is professionally designed with excellent content quality, clear navigation, and strong branding consistency. Technically, it is built on WordPress with modern frameworks and uses Cloudflare for hosting and CDN services. However, the absence of a valid SSL certificate and HTTPS significantly weakens its security posture. Privacy compliance is well addressed through GDPR-compliant consent management and detailed privacy policies. Overall, the site is trustworthy and credible but requires urgent security improvements.

A

Arzneiwerk AG

teles.com

0

Arzneiwerk AG is a healthcare company specializing in securing the supply of newly developed or rare specialty pharmaceuticals across Europe. The company maintains a professional online presence focused on investor relations and business transparency. The website is built on WordPress using Elementor and includes SEO and cookie consent tools, indicating a moderate level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support represents a significant security gap, exposing users to potential risks. Privacy policies are present and GDPR compliant, but no explicit security or incident response policies are found. Overall, the business appears legitimate and consistent with its domain registration and content, but security improvements are critical to enhance trust and compliance.

The website amiraair.at is currently a parked domain landing page with no active business content or services. It primarily serves as a domain for sale advertisement, targeting potential domain buyers or investors. The site lacks any company branding, contact information, or business descriptions, indicating it is not currently used for commercial operations. Technically, the site is hosted on Hetzner Online with nginx and Caddy components, and uses several advertising and tracking scripts from parkingcrew.net and Google Adsense Domains CAF. However, the site lacks HTTPS support and has no valid SSL certificate, exposing it to security risks and reducing user trust. Security headers and best practices are minimal or absent, and no privacy or cookie consent mechanisms are implemented beyond a basic privacy policy link. Overall, the site’s security posture is weak, and its technical and content quality is poor, reflecting its status as a parked domain rather than an active business website.

G

Gruppo Codognotto

codognotto.eu

0

Gruppo Codognotto is a well-established logistics and freight transport company based in Italy, offering integrated logistics services including sea, air, and road transport, customs handling, and warehousing. The company operates a large fleet across multiple countries and holds recognized ISO certifications, positioning itself as a reliable third-party logistics provider in the European and international markets. The website reflects a professional business presence with clear service offerings and relevant content for its target audience. Technically, the site runs on Drupal 7 with common web technologies like jQuery and Bootstrap, but suffers from outdated CMS usage and lacks a valid SSL certificate, which significantly impacts its security posture. Security headers are partially implemented, but the absence of HTTPS and modern TLS protocols exposes users to risks. Privacy and cookie policies exist but are basic, with limited GDPR compliance indicators. Contact information is available via email and forms, but no phone numbers or physical addresses are explicitly provided. Overall, the website demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

S

SK Rapid

skrapid.at

0

SK Rapid's official website serves as a digital hub for the Austrian football club, providing fans with access to news, podcasts, merchandise, ticket sales, and video content. The site demonstrates a solid market position as a leading sports organization in Austria with a well-established brand and multiple sponsorship partnerships. Technically, the website is hosted on nginx servers with a modern JavaScript-based frontend and integrates third-party services such as Google Tag Manager and OneTrust for cookie consent management. However, the absence of HTTPS and a valid SSL certificate significantly undermines the site's security posture, exposing users to potential risks. The site lacks explicit privacy and terms of service policies, which impacts compliance with GDPR and other privacy regulations. Overall, while the business presence and content quality are good, critical security and privacy gaps require urgent attention to protect users and enhance trust.

C

CATRO Personalberatung und Media GmbH

catro.com

0

CATRO Personalberatung und Media GmbH is an Austrian company specializing in personnel consulting and media services, offering a range of services including personnel search, applicant management, suitability diagnostics, and online learning platforms. The company targets businesses seeking professional support in human resources and media-related services. The website is built on WordPress with a modern tech stack including Apache server, LiteSpeed cache, and various JavaScript libraries. While the site is well-designed, mobile-optimized, and SEO-friendly, it lacks a valid SSL certificate, which is a critical security vulnerability. The company demonstrates good privacy compliance with a comprehensive privacy policy and cookie consent mechanism. However, there is no explicit security policy or incident response information available on the site. Overall, the website is professional and trustworthy but requires urgent improvements in its security posture to protect user data and enhance trust.

K

KOHLBACH

kohlbach.at

0

KOHLBACH is a company specializing in biomass energy solutions, targeting businesses and organizations interested in sustainable energy production. The website presents a basic digital presence with minimal content and limited business information. The technical infrastructure uses modern JavaScript frameworks such as React and integrates third-party services like CookiePro for cookie consent and Google Tag Manager for analytics. However, the website lacks HTTPS, which is a critical security deficiency, and does not provide privacy policies or contact information, limiting trust and compliance. Security posture is weak due to missing SSL, lack of security headers beyond Content-Security-Policy, and absence of domain security features like DMARC and DNSSEC. Overall, the site is functional but requires significant improvements in security and compliance to meet industry standards.

S

Stork

stork.com

0

Stork is an established industrial services company focused on asset management, maintenance, and consultancy primarily in the energy and process industries. Recently acquired by Bilfinger, Stork operates under its umbrella in several key countries including Belgium, the Netherlands, Germany, and the USA. The website presents a comprehensive overview of their services and global presence, targeting industrial clients seeking lifecycle asset support. Technically, the site uses modern React technology but suffers from slow load times and lacks a valid SSL certificate, which impacts its security posture. Privacy compliance is well addressed with clear cookie and privacy policies including consent mechanisms. However, explicit contact details like emails and phone numbers are not readily available, relying mainly on contact forms. Overall, the site is professional and trustworthy but would benefit from improved security configurations and performance optimizations.

N

NCR Corporation

ncr.com

0

The website for ncr.com serves as a landing page announcing the corporate split of NCR Corporation into two distinct entities: NCR Voyix and NCR Atleos. NCR Voyix focuses on providing digital commerce solutions to retailers and restaurants globally, while NCR Atleos specializes in expanding financial access through self-service channels and ATM network services. The site targets business clients in retail, restaurant, and financial sectors, positioning itself as a leading enterprise in technology-driven commerce and financial services. Technically, the site is built using Webflow CMS, hosted behind Cloudflare, and employs jQuery and Google Fonts. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security shortfall. Security headers are present but insufficient without proper SSL/TLS configuration. No privacy, cookie, or terms of service policies are found, and no contact information or forms are provided, limiting user engagement and compliance transparency. Overall, the site demonstrates good design and branding consistency but requires significant improvements in security and privacy compliance to meet enterprise standards.

The website amsc-windtec.com currently serves only a parking or under construction page with no active business content or services presented. The domain lacks DNS records and a valid SSL certificate, resulting in no HTTPS support and poor security posture. The site includes third-party ad scripts from suspicious domains, further reducing trustworthiness. There is no privacy policy, cookie policy, terms of service, or contact information available, indicating a lack of compliance and transparency. Overall, the site does not represent an active or legitimate business presence online. From a technical perspective, the infrastructure is minimal and outdated, with no modern security protocols or performance optimizations. The absence of DNS records and SSL suggests the domain is parked or abandoned. The site is not mobile optimized and lacks accessibility and SEO best practices. Security evaluation reveals critical vulnerabilities including no HTTPS, no security headers, and no incident response or data protection policies. The presence of third-party ad scripts without consent mechanisms raises privacy concerns. The domain's WHOIS data is incomplete or unavailable, limiting trust and legitimacy assessments. Given these findings, the overall risk is high for users attempting to interact with this domain. Strategic recommendations include obtaining a valid SSL certificate, configuring DNS properly, removing third-party ad scripts, and developing a compliant, content-rich website with clear business and contact information.

C

Caterpillar Energy Solutions GmbH

mwm.net

0

MWM, operating under Caterpillar Energy Solutions GmbH, is a well-established company specializing in highly efficient and environmentally friendly combined heat and power plants and block heating power plants. With over 150 years of experience, the company offers a broad portfolio of gas engines and power generation solutions targeting industrial, commercial, and public utility sectors globally. The website reflects a mature digital presence with comprehensive product and service information, supported by a global service and sales network. Technically, the site is built on WordPress with common libraries and plugins, but suffers from a critical lack of a valid SSL certificate, which severely impacts its security posture. Privacy policies and GDPR compliance are well addressed, and contact is primarily via web forms. Overall, the site is professional and trustworthy but requires urgent security improvements.

C

Chez Bruce

chezbruce.co.uk

0

Chez Bruce is a small, established restaurant business located in the United Kingdom with a mature domain age of 21 years. The website provides basic information about the restaurant, its food and wine offerings, booking options, and contact details. The business targets local diners and visitors seeking a fine dining experience. The website uses WordPress CMS with jQuery and integrates a third-party booking widget from SevenRooms. However, the technical infrastructure lacks modern security measures, notably the absence of a valid SSL certificate and HTTPS, which significantly impacts user trust and security. The website content is minimal and lacks privacy and cookie policies, indicating poor compliance with data protection regulations. Contact information is clearly presented but limited to phone numbers and a physical address, with no company email addresses found.

The website falstaff.at is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) block, presenting a security challenge page instead of actual business content. This prevents a full assessment of the company's online presence, business model, or services. The domain is registered and has DNS records consistent with operational email infrastructure, but no valid SSL certificate is installed, and HTTPS is not properly configured. The lack of visible content, contact information, or compliance policies indicates a very limited digital footprint at this time. Technically, the site relies on Cloudflare for security and hosting services but fails to implement essential security best practices such as valid SSL/TLS, HSTS, and OCSP stapling. Performance and accessibility cannot be evaluated due to the blocked content. The presence of Cloudflare Insights indicates minimal analytics tracking. From a security perspective, the absence of HTTPS and the presence of a WAF block significantly reduce the trustworthiness and usability of the site. No privacy, cookie, or terms of service policies are found, and no contact or incident response information is available. The domain registration data appears consistent and legitimate but lacks detailed WHOIS information to confirm domain age or registrant identity. Overall, the site scores very low on content quality, technical implementation, security posture, privacy compliance, and business credibility due to the blocking and missing information. Strategic recommendations include resolving SSL issues, publishing essential policies, providing clear contact information, and ensuring the site is accessible to legitimate users to improve trust and compliance.

The website pgkengineering.com is currently inactive and displays a Squarespace default expiration notice indicating the account has expired. No business content, contact information, or policies are present, making it impossible to assess the company's services, market position, or target audience. The technical infrastructure is minimal, relying on Squarespace hosting with no SSL certificate configured, resulting in an insecure HTTP-only site. Security posture is weak due to lack of HTTPS, missing security headers, and no modern TLS protocols enabled. Overall, the site is non-functional and does not provide any business or security assurances. Strategic recommendations include renewing the hosting account, implementing HTTPS with a valid SSL certificate, and publishing essential business and compliance information to restore trust and functionality.

wengermayer business consulting is a small Austrian consulting firm specializing in human-centric organizational development, communication culture, conflict management, and personnel development. Their services focus on supporting businesses where human interaction and development are central. The website is built on Contao CMS and hosted on an Apache server with Ubuntu, using various JavaScript libraries for UI enhancements. However, the site lacks HTTPS, which is a critical security vulnerability. Cookie consent is implemented via Cookiebot, indicating awareness of privacy compliance. Social media presence on XING, LinkedIn, Facebook, and Twitter supports business credibility. Overall, the technical infrastructure is basic with room for modernization and security improvements.

F

FLSmidth A/S

flsmidth.com

0

FLSmidth A/S is a global leader in mineral processing equipment and services, serving the mining industry with a comprehensive portfolio of products, parts, and digital solutions. The company emphasizes sustainability through its MissionZero program, aiming for zero-emissions mining by 2030. The website is built on a modern Next.js framework and hosted on Vercel, reflecting a mature digital infrastructure. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS enforcement, which significantly impacts the site's security posture. Despite this, the site provides extensive business and investor information, clear contact details, and demonstrates good privacy compliance with comprehensive legal pages. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

W

Wipro

wipro.com

0

Wipro is a mature, global enterprise specializing in digital transformation and IT services, offering a broad portfolio including cloud, AI, cybersecurity, and consulting. The website reflects a professional and content-rich digital presence targeting enterprise clients worldwide. Technically, the site uses modern marketing and analytics technologies and is hosted on AWS with Adobe Experience Manager CMS. However, critical security issues exist due to an invalid SSL certificate and lack of modern TLS protocol support, which significantly impacts the security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent remediation of SSL and TLS configurations to ensure secure user interactions.

ج

جامعة الملك سعود

ksu.edu.sa

0

King Saud University is a large, well-established academic institution in Saudi Arabia, founded in 1957. It offers comprehensive educational and research services and holds a strong market position as one of the largest universities globally by area. The website is built on Drupal 9 with modern frontend technologies and provides rich content primarily in Arabic with English support. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security flaw that undermines user trust and data protection. Privacy and cookie policies are present, but no explicit security or incident response policies were found. The university maintains a strong digital presence with official social media channels and mobile applications. Overall, the website is professional and content-rich but requires urgent security improvements to meet modern standards.

D

Dr. Andreas Riedler Facharzt für HNO, Kopf- und Halschirurgie

der-hno-arzt.at

0

Dr. Andreas Riedler operates a specialized ENT medical practice based in Wels, Austria, providing comprehensive ear, nose, and throat healthcare services including examinations, therapies, and surgeries. The website targets local patients seeking trusted medical care and emphasizes personalized patient relationships and appointment scheduling. Technically, the website is built on a CMS platform (ZMS) with standard web technologies and integrates Matomo analytics for user behavior tracking with privacy opt-out features. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant security weaknesses that undermine user trust and data protection. Privacy and cookie policies are present but basic, and no terms of service or incident response policies are published. Overall, the website is functional and professionally presented but requires urgent security improvements to meet modern standards.

R

Raiffeisen Informatik GmbH & Co KG

raiffeiseninformatik.at

0

Raiffeisen Informatik GmbH & Co KG is a well-established IT service provider specializing in comprehensive IT solutions for financial and insurance sectors, with over 50 years of experience and a strong presence in Austria and neighboring countries. The company offers a broad range of services including data center operations, security services, IT consulting, and banking and insurance solutions. Their business model focuses on close collaboration with clients from planning through operation, supported by a large workforce and significant annual revenue. Technically, the website is built on WordPress with Apache server infrastructure and uses Cloudflare for DNS, but critically lacks a valid SSL certificate, exposing it to security risks. Security headers are implemented, but without HTTPS the security posture is severely weakened. Privacy compliance is basic with no visible cookie consent or incident response information. Overall, the website is professional and content-rich, but the lack of HTTPS is a major security concern that must be addressed urgently.

S

SonnenMoor

sonnenmoor.at

0

SonnenMoor is an established Austrian family-owned business specializing in natural health products and remedies, operating since 1972. The company leverages a Shopify-based e-commerce platform to serve both retail consumers and business partners, with a strong focus on natural, herbal, and moor-based products. The website is professionally designed, content-rich, and provides comprehensive contact and support information, including personal consultation services. Technically, the site uses modern e-commerce technologies and integrates multiple marketing and analytics tools with GDPR-compliant consent mechanisms. However, a critical security issue is the lack of a valid SSL certificate and disabled TLS protocols, which significantly impacts the security posture and user trust. The domain registration data aligns well with the business claims, indicating legitimacy and consistency. Strategic improvements in SSL/TLS configuration are essential to enhance security and trust.

T

Tulsa Public Schools

tulsaschools.org

0

Tulsa Public Schools operates a comprehensive public education system serving a large student population in Tulsa, Oklahoma. The website provides extensive resources for students, families, educators, and community members, including enrollment information, academic programs, family support, and career opportunities. The district positions itself as a community-focused organization committed to equity, excellence, and student success. Technically, the site leverages modern analytics and marketing tools, a reputable CMS (Finalsite), and Cloudflare for hosting and security. However, a critical security gap exists due to the absence of a valid SSL certificate, which undermines the secure delivery of content and user trust. Privacy and cookie policies are not explicitly found, indicating potential compliance gaps. Overall, the site is professional and trustworthy but requires urgent security improvements to meet modern standards.

KWR Karasek Wietrzyk Rechtsanwälte GmbH is a leading Austrian law firm specializing in Wirtschaftsrecht (business law) with over 20 years of experience. The firm offers a broad range of legal services including construction law, intellectual property, dispute resolution, and more, targeting national and international corporate clients. The website is professionally designed, content-rich, and well-structured, reflecting the firm's strong market position and reputation supported by multiple industry recognitions such as Chambers and Legal 500. Technically, the site is built on TYPO3 CMS with modern frontend frameworks and includes user privacy mechanisms like cookie consent and optional Matomo analytics. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap, exposing users to risks and undermining trust. Security headers are partially implemented but require enhancement. Overall, the site demonstrates good privacy compliance and business credibility but must urgently address its SSL/TLS configuration to improve security posture and user trust.

Q

Quest Global

quest-global.com

0

Quest Global is a well-established global engineering services provider with over 21,000 employees across 18 countries and 84 centers. The company specializes in delivering end-to-end engineering solutions across multiple industries including aerospace, automotive, healthcare, and energy. Their business model focuses on B2B partnerships with large enterprises, leveraging digital and embedded engineering expertise to solve complex engineering challenges. The website reflects a professional and comprehensive digital presence with strong branding and trusted partnerships with major technology companies such as NVIDIA, Microsoft, AWS, and Google Cloud. Technically, the website is built on WordPress with Elementor and hosted on WP Engine behind Cloudflare CDN. It uses modern marketing and analytics tools like HubSpot and Google Tag Manager. However, performance metrics are not provided, and the site shows signs of slow loading. Mobile optimization and SEO are good, but accessibility is basic. From a security perspective, the site has several strong security headers implemented, but critically lacks a valid SSL/TLS certificate and does not support any TLS protocols, which is a major vulnerability. This significantly reduces the security posture and exposes users to risks. Privacy compliance is good with clear privacy and cookie policies and consent mechanisms in place, but no explicit security policy or incident response contacts are found. Overall, the website is professional and credible but urgently needs to address its SSL/TLS configuration to ensure secure communications and improve trustworthiness. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, enhancing security headers, and publishing explicit security and incident response policies.

C

CMC Markets

cmcmarkets.com

0

CMC Markets is a well-established global online trading platform founded in 1989, offering leveraged trading on a wide range of financial instruments including forex, indices, commodities, cryptocurrencies, shares, ETFs, and bonds. The company operates multiple trading platforms such as MetaTrader 4, MetaTrader 5, TradingView integration, and its proprietary web and mobile platforms, serving over 1.5 million global clients. It is a FTSE 250 listed company with a strong market position and multiple regulatory licenses, including in Bermuda and the UK. The website is professionally designed, content-rich, and targets retail and institutional traders worldwide. Technically, the website is built on modern frameworks like Next.js and hosted on Vercel, with good mobile optimization and SEO practices. The platform supports multiple device types and integrates third-party services for enhanced user experience and marketing. However, the SSL certificate is currently invalid or missing, which is a critical security concern. Security headers are partially implemented, and there is no evidence of advanced security policies or incident response information on the site. The security posture is moderate with room for improvement, especially in SSL configuration and additional security headers. Privacy and cookie policies are present and indicate GDPR compliance, with clear consent mechanisms. Contact information is comprehensive, including phone, email, and physical addresses in multiple countries. The company demonstrates strong business credibility through trust indicators such as awards, Trustpilot reviews, and regulatory compliance. Overall, CMC Markets presents a professional and trustworthy online trading service with a mature digital presence. Addressing the SSL certificate issue and enhancing security headers would significantly improve the security posture and user trust.

B

bgm Partners

bgm-partners.com

0

bgm Partners is a small, privately owned corporate finance advisory firm headquartered in Vienna, Austria, with an additional presence in Luzern, Switzerland. The company specializes in mid-cap and large-cap advisory services focusing on Mergers & Acquisitions, Corporate Finance, and Project Finance. The website presents basic business information and service offerings targeting corporate clients seeking financial advisory services. The market position appears modest but globally oriented within the finance sector. Technically, the website is built on TYPO3 CMS and uses legacy JavaScript libraries such as jQuery 1.7.2. Google Analytics is implemented for visitor tracking, but the site lacks modern performance optimizations and mobile responsiveness is basic. The website does not use HTTPS, which is a critical security deficiency. The absence of a valid SSL certificate and modern TLS protocols exposes visitors to security risks and undermines trust. From a security perspective, the site lacks essential protections such as HTTPS, HSTS, and security headers. No incident response or security policies are publicly available, and no contact emails or phone numbers are provided for direct communication. Privacy compliance is minimal, with a basic privacy policy present but no cookie consent mechanism. The presence of an unrelated external gambling link in hidden text raises minor suspicion. Overall, the website's risk profile is elevated due to missing HTTPS and weak security posture. Strategic improvements should prioritize securing the site with a valid SSL certificate, implementing security headers, and enhancing privacy compliance. Business credibility would benefit from clearer contact information and updated technical infrastructure.

Weatherford's PetroVisor website presents a mature and comprehensive SaaS platform focused on unifying data and analytics for the energy sector, specifically oil and gas production optimization. The platform integrates AI/ML capabilities and offers multiple modules addressing production, artificial lift, completion optimization, ESG, and enhanced oil recovery. The website is professionally designed, content-rich, and targets enterprise-level energy industry professionals. Technically, the site uses a modern tech stack including Kentico CMS, jQuery, and various analytics and marketing tools. However, a critical security gap exists as the site lacks a valid SSL certificate and does not serve content over HTTPS, exposing users to potential risks. Privacy and cookie policies are present and indicate GDPR compliance, but no explicit security incident response or vulnerability disclosure information is found. Overall, the domain registration data supports the legitimacy and maturity of the business. Strategic security improvements are necessary to enhance trust and protect user data.

M

MPG GmbH

michael-pachleitner-group.com

0

MPG GmbH is an established Austrian eyewear company specializing in manufacturing and retail of optical frames and lenses, serving both B2B and B2C markets. The company operates multiple subsidiaries and maintains a professional online presence with multilingual support and structured data. Technically, the website is built on WordPress using Elementor and Yoast SEO, integrating marketing tools such as Google Tag Manager and Facebook Pixel. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security gap, exposing users to potential risks. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks a cookie consent mechanism. Overall, the business demonstrates credibility and maturity, but security posture requires urgent improvement to align with best practices.

S

SRB Consulting Team GmbH

srb.at

0

SRB Consulting Team GmbH is a well-established IT service provider specializing in SAP consulting, implementation, and optimization services. With over 25 years of experience and a strong SAP Gold Partner certification, the company offers a broad range of SAP-related solutions including ERP, CRM, SCM, and SAP Business Technology Platform services. Their target audience includes businesses across various industries seeking digital transformation and SAP expertise. The website presents professional content, clear navigation, and consistent branding, supported by a solid social media presence. Technically, the website uses a variety of modern front-end libraries such as Bootstrap, jQuery, and Owl Carousel, but lacks a valid SSL certificate and HTTPS support, which is a critical security shortfall. Performance is slow with a high page load time and large page size, indicating potential optimization needs. Privacy compliance is well addressed with a GDPR-compliant cookie consent mechanism and a clear privacy policy. Security posture is weak due to the absence of HTTPS, missing security headers, and no visible incident response or security policies. This exposes the site and its users to risks and undermines trust. The WHOIS data confirms the domain's legitimacy and consistency with the business claims, reinforcing the company's credibility. Overall, while the business and content quality are good, the lack of HTTPS and security best practices significantly lowers the security score and overall rating. Immediate remediation of SSL/TLS issues and security hardening is recommended to improve trust and compliance.

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 29 security findings identified across all modules.

L

Lidl Österreich

lidl.at

0

Lidl Österreich operates a comprehensive retail website offering a wide range of products including food, household items, garden supplies, fashion, and more. The site features extensive promotional content, including weekly offers and loyalty programs such as Lidl Plus. The company holds a strong market position in Austria as a leading discount supermarket chain, supported by a consistent and professional brand presence. Technically, the website employs modern technologies like Vue.js and is hosted on a robust infrastructure with Akamai DNS services. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. Despite this, the site implements several security headers and content security policies, indicating a focus on security best practices. Privacy compliance is well addressed with clear privacy and cookie policies, including consent mechanisms. Overall, the site is professional and trustworthy but must urgently address the SSL deficiency to ensure secure user interactions.

O

OC Oerlikon Management AG

oerlikon.com

0

OC Oerlikon Management AG is a global industrial technology leader specializing in surface technologies, advanced materials, and additive manufacturing solutions. The company serves key growth markets including automotive, aerospace, energy, tooling, and luxury sectors through a portfolio of subsidiaries and partner brands. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding consistency. However, the technical infrastructure shows critical security weaknesses, notably the absence of a valid SSL certificate and HTTPS support, which poses significant risks to user trust and data security. Privacy compliance is well addressed with a robust cookie consent mechanism and clear privacy policies. Overall, the business demonstrates high legitimacy and market positioning but requires urgent improvements in security posture to align with best practices.

G

GTech Automatisierungstechnik GmbH

gtech.at

0

GTech Automatisierungstechnik GmbH is a medium-sized Austrian company specializing in automation technology, providing complex measurement, alignment, testing, and assembly systems primarily for large series production. The company has a strong market position as an innovator and specialist with over 20 years of experience, serving industrial clients worldwide. Their website is professionally designed and provides comprehensive information about their services and values. Technically, the site is built on the Wix platform using modern frameworks like React, but lacks a valid SSL certificate, which is a critical security concern. The security posture is basic with some security headers present but no HTTPS, exposing the site to potential risks. Privacy compliance is good with clear privacy and cookie policies, and contact information is readily available. Overall, the site is trustworthy but needs urgent security improvements to protect user data and enhance credibility.

Merit Group Limited is a UK-based B2B data and intelligence company specializing in technology-driven data capture and analysis to provide high-quality business and political intelligence. The company operates through subsidiaries including Dods Group Limited and Merit Data & Technology Limited, serving clients primarily in the UK and Europe. The website presents a professional image with clear business descriptions and subsidiary links, targeting business clients seeking data intelligence solutions. Technically, the site is built on WordPress, hosted on WP Engine with Cloudflare CDN, and uses common plugins and libraries such as jQuery and Genesis Blocks. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security deficiency. Privacy and cookie policies exist but lack advanced consent mechanisms, and no incident response or security policies are published. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

The website esab.com is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) block, which prevents access to any substantive content. As a result, no business-specific information, contact details, or policy documents are available for analysis. The site is protected by Cloudflare, but lacks a valid SSL certificate and modern TLS support, indicating a weak security posture. The DNS configuration shows standard use of Azure DNS and Outlook mail protection, but no advanced DNS security features such as DNSSEC or CAA are enabled. Overall, the site’s digital maturity and security posture are limited by the lack of accessible content and missing HTTPS encryption. Strategic improvements are necessary to enable secure access and provide transparency to visitors.

Y

YES BANK

yesbank.in

0

YES BANK is a major Indian financial institution providing a range of banking services including retail, corporate, and investment banking. The website content analyzed is minimal and primarily technical, with no visible privacy or cookie policies, contact information, or user-facing content. The domain and DNS data confirm the legitimacy of the bank's online presence. Technically, the site uses Oracle Cloud infrastructure and Akamai CDN, with multiple third-party analytics and advertising integrations. However, the absence of a valid SSL certificate is a critical security flaw, severely impacting the site's security posture and user trust. Security headers are well configured but cannot compensate for the lack of HTTPS. Privacy compliance is poor due to missing policies and consent mechanisms. Overall, the site requires urgent remediation of SSL issues and improved transparency in privacy and contact information to meet industry standards.