Skip to main content

Is access-ci.org a Scam? Security Check Results - ACCESS Reviews

A

Is access-ci.org Safe? Security Analysis for ACCESS

https://access-ci.org

Check if access-ci.org is a scam or legitimate. Free security scan and reviews.

GovernmentUnited Statesmedium
WordPress 6.8.2jQuery 3.7.1Google Tag ManagerGoogle reCAPTCHA v3FontAwesome 6.3.0+5 more
Analyzed 8/2/2025Completed 8:38:00 PM
43
Security Score
HIGH RISK

Security scan incomplete. 3 out of 9 security checks failed to complete. The website may be inaccessible or protected by security measures. Please retry the scan or verify the website is accessible.

AI Summary

ACCESS is a U.S. National Science Foundation funded program designed to provide researchers, educators, and the cyberinfrastructure community with free access to advanced computing resources. The website clearly targets scientific and educational audiences, offering resources, support, and community engagement to advance research capabilities. The program is positioned as a successor to the XSEDE project, emphasizing innovation in cyberinfrastructure. Technically, the site is built on WordPress with modern plugins and tracking tools, showing a moderate to good level of digital maturity. The site is mobile optimized and uses HTTPS with reCAPTCHA for form security, but lacks some advanced security headers and DNSSEC. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is professional, trustworthy, and well-branded with clear NSF affiliation.

Detected Technologies

WordPress 6.8.2jQuery 3.7.1Google Tag ManagerGoogle reCAPTCHA v3FontAwesome 6.3.0Ultimate Blocks pluginSimple Lightbox pluginPost Draft Preview pluginAdvanced iFrame pluginYoast SEO plugin

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

ACCESS operates as a government-funded initiative focusing on providing free access to national advanced computing resources. Its business model is non-commercial, aimed at supporting scientific research and education. The program targets multiple user groups including researchers, educators, graduate students, and resource providers. The website serves as a portal for information, support, and community engagement. The presence of NSF branding and official logos enhances credibility. The program is relatively new, founded in 2021, and is positioned as a key player in the U.S. cyberinfrastructure ecosystem. Partnerships with NSF and related organizations are evident, though no commercial partnerships or subsidiaries are listed.

Security Posture Analysis

Comprehensive Security Assessment

The website demonstrates a basic to moderate security posture. HTTPS is enforced, and Google reCAPTCHA v3 is implemented on forms to prevent abuse. However, DNSSEC is not enabled, and no explicit security headers such as Content-Security-Policy or Strict-Transport-Security are detected, which are recommended best practices. There is no publicly available security policy, incident response plan, or vulnerability disclosure statement, which limits transparency and preparedness. No sensitive data is exposed in the HTML content. Overall, the security posture is adequate for a government informational site but could be improved to meet higher standards and compliance requirements.

Strategic Recommendations

Priority Actions for Security Improvement

1

Enable DNSSEC on the domain to enhance DNS security and prevent spoofing.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

ACCESS

Description:

ACCESS is a program established and funded by the U.S. National Science Foundation to help researchers and educators utilize the nation’s advanced computing systems and services at no cost to users. It supports advanced computational resources, resource providers, and the cyberinfrastructure community.

Key Services:
Access to advanced computing systemsSupport for researchers and educatorsResource provider collaborationCommunity engagement and education
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
WordPress 6.8.2jQuery 3.7.1Google Tag ManagerGoogle reCAPTCHA v3FontAwesome 6.3.0Ultimate Blocks pluginSimple Lightbox pluginPost Draft Preview pluginAdvanced iFrame pluginYoast SEO plugin
Frameworks:
WordPress
Platforms:
Web
Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:
65/100
Best Practices:
  • HTTPS enforced
  • Google reCAPTCHA v3 on forms
  • No exposed sensitive data in HTML
  • Use of security nonce tokens in forms

Analytics & Tracking

Services:
Microsoft ClarityGoogle Analytics
Tracking Level:moderate
Privacy Compliance:poor

Advertising & Marketing

Tracking Pixels:
Microsoft ClarityGoogle Analytics (via GTM)
Transparency Level:basic

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:good
Navigation Clarity:good
Professionalism:good
Trustworthiness:high

Key Observations

1

Website is a government-funded research program site with clear NSF affiliation.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

0/100
Score
Analysis failed - content could not be retrieved

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

0/100
Score
Analysis failed - content could not be retrieved

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

0/100
Score
Analysis failed - content could not be retrieved

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

75/100
Score

DMARC not enforcing

MEDIUM

DMARC policy is set to "none"

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security
SPF Details
Record:
v=spf1 include:_spf.google.com ~all
DNS Lookups:1/10
Policy:~all
DKIM Selectors Found
Selector:google(1296-bit rsa)
DMARC Details
Policy:none
Aggregate Reports:rpayne@access-ci.org

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

72/100
Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

OCSP Stapling Not Enabled

LOW

OCSP stapling improves performance and privacy

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 54 days

Partial SSL/TLS Assessment

LOW

Completed 3 of 4 security checks due to time constraints

Protocol Support

TLSv1.3TLSv1.2TLSv1.1

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

75/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

Domain Delete Lock Not Enabled

LOW

Domain can be deleted without additional verification

DMARC Policy Set to None

LOW

DMARC is configured but not enforcing any policy

Domain Registration Details

Domain Age
4 years(established)
Expiry Risk
none(646 days)
Protection Level
basicDNSSEC OFF

DNS Records

A Records:18.220.149.166
Name Servers:
charon.psc.edu
dns1.ncsa.illinois.edu
dns2.ncsa.illinois.edu
MX Records:
1: ASPMX.L.GOOGLE.com
5: ALT1.ASPMX.L.GOOGLE.com
5: ALT2.ASPMX.L.GOOGLE.com
10: ALT3.ASPMX.L.GOOGLE.com
10: ALT4.ASPMX.L.GOOGLE.com
SOA:Serial: 2025073001, TTL: 600s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:294ms

SPF Analysis

SPF Record:
v=spf1 include:_spf.google.com ~all

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

40/100
Score

Service Exposed: SSH

MEDIUM

Port 22 (SSH) is publicly accessible - SSH - Secure but can be brute-forced

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built on WordPress 6.8.2 with a variety of plugins including Yoast SEO, Ultimate Blocks, Simple Lightbox, and Advanced iFrame. It uses jQuery 3.7.1 and FontAwesome 6.3.0 for UI elements. Google Tag Manager and Microsoft Clarity are used for analytics and user behavior tracking. The site is mobile responsive with good SEO metadata including Open Graph and JSON-LD structured data. Performance is moderate, with no major issues detected. The site lacks DNSSEC and some security headers, which are technical debt areas. Overall, the technical infrastructure is modern and well-maintained but could benefit from additional security hardening and privacy enhancements.
Analyze Another Website