Skip to main content

Is apartments.com a Scam? Security Check Results - Apartments.com Reviews

A

Is apartments.com Safe? Security Analysis for Apartments.com

https://apartments.com

Check if apartments.com is a scam or legitimate. Free security scan and reviews.

Real EstateUnited Stateslarge
Google Tag ManagerGoogle AnalyticsGoogle Maps APIGoogle ReCaptchaBoomerang (performance monitoring)+4 more
Analyzed 9/4/2025Completed 10:14:51 PM
57
Security Score
MEDIUM RISK

AI Summary

Apartments.com is a leading online real estate rental marketplace focused on apartments, homes, townhomes, and condos for rent primarily in the United States. Owned by CoStar Group, the platform offers comprehensive rental listings, online application and lease signing capabilities, and property management tools. The website targets renters and property managers, providing extensive market data, calculators, and resources to facilitate rental decisions and property management. The brand is well-established with a large market presence and multiple subsidiary and partner sites under the CoStar umbrella. Technically, Apartments.com employs a modern and robust technology stack including Google Analytics, Google Tag Manager, Google Maps API, ReCaptcha, and performance monitoring tools like Boomerang. The site is hosted on a high-performance CDN likely Akamai, ensuring fast load times and excellent mobile optimization. The website is well-structured with strong SEO and accessibility features, providing a professional and user-friendly experience. From a security perspective, the site enforces HTTPS, uses ReCaptcha for bot mitigation, and implements cookie consent via OneTrust, demonstrating good privacy compliance and user protection. However, explicit security headers and a public security policy or incident response contacts are not evident, representing areas for improvement. The WHOIS data is unavailable due to query limitations, but the website's legitimacy is supported by its association with CoStar Group and consistent trust signals. Overall, Apartments.com presents a secure, professional, and comprehensive platform for rental listings and property management with strong business credibility and technical maturity. Strategic recommendations include enhancing security header implementation, publishing a security policy, and establishing a vulnerability disclosure program to further strengthen trust and compliance.

Detected Technologies

Google Tag ManagerGoogle AnalyticsGoogle Maps APIGoogle ReCaptchaBoomerang (performance monitoring)Pusher (real-time messaging)Sift (fraud detection)OneTrust (cookie consent)RequireJS (JavaScript module loader)

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

Apartments.com holds a dominant position in the US rental market as part of CoStar Group's portfolio, leveraging a broad network of subsidiary brands and partner sites to capture diverse rental segments. Its business model combines marketplace listings with SaaS-like property management tools, generating revenue from advertising, listing fees, and value-added services. The platform targets renters seeking convenient, comprehensive rental search and application processes, as well as property managers requiring efficient management solutions. Growth is supported by extensive market data, mobile apps, and integration with analytics and marketing tools. Partnerships with related real estate platforms enhance reach and service offerings, positioning Apartments.com as a comprehensive rental ecosystem.

Extracted Contact Information

Marketing Intelligence Data

Phone Numbers (1)

+1888658****

Physical Addresses (1)

3438 Peachtree Road NE, Suite 1500, Atlanta, GA, 30326, US

Security Posture Analysis

Comprehensive Security Assessment

The website demonstrates a mature security posture with mandatory HTTPS, bot protection via Google ReCaptcha, and user privacy controls through OneTrust cookie consent. The absence of explicit security headers such as Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and X-Frame-Options suggests room for improvement in defense-in-depth. No exposed sensitive data or vulnerable libraries were detected in the HTML content. The lack of a published security policy or incident response contact limits transparency and readiness communication. Overall, the security measures are strong but could be enhanced by adopting additional HTTP headers and formalizing vulnerability disclosure and incident response processes.

Strategic Recommendations

Priority Actions for Security Improvement

1

Implement and enforce security headers including CSP, HSTS, and X-Frame-Options to strengthen browser security.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Apartments.com

Description:

Find apartments, homes, townhomes and condos for rent in your area. Compare up to date rates and availability, HD videos, high resolution photos, pet policies and more!

Key Services:
Apartment, house, condo, townhome rental listingsOnline rental applications and lease signingProperty management toolsRental market trends and calculators
Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:
Google Tag ManagerGoogle AnalyticsGoogle Maps APIGoogle ReCaptchaBoomerang (performance monitoring)Pusher (real-time messaging)Sift (fraud detection)OneTrust (cookie consent)RequireJS (JavaScript module loader)
Frameworks:
RequireJS
Platforms:
Web desktopMobile apps (iOS and Android)
Performance:

fast

Mobile:

excellent

Accessibility:

good

SEO:

excellent

Security Assessment

Security Score:
90/100
Best Practices:
  • HTTPS enforced
  • Google ReCaptcha enabled
  • Cookie consent via OneTrust
  • No exposed sensitive data in HTML
  • Secure forms with validation

Analytics & Tracking

Services:
Google AnalyticsComscoreSiftMazeTag
Tracking Level:extensive
Privacy Compliance:good

Advertising & Marketing

Ad Networks:
Google DoubleClick
Tracking Pixels:
ComscoreSift
Marketing Tools:
PusherMazeTag
Transparency Level:good

Website Quality Assessment

Design Quality:excellent
User Experience:excellent
Content Relevance:excellent
Navigation Clarity:excellent
Professionalism:excellent
Trustworthiness:high

Key Observations

1

Website is fully accessible with rich content and no blocking detected.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

0/100
Score
Analysis failed - content could not be retrieved

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

73/100
Score

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

Privacy policy may not be GDPR compliant

MEDIUM

Privacy policy lacks explicit GDPR compliance elements

GDPR Compliance Analysis

Privacy Policy85% confidence
Cookie Policy85% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

17/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

85/100
Score

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security
SPF Details
Record:
v=spf1 ip4:66.231.92.15 ip4:50.28.24.60 include:costar.com include:sendgrid.net ~all
DNS Lookups:2/10
Policy:~all
DKIM Selectors Found
Selector:selector1(1416-bit rsa)
Selector:s1(1440-bit rsa)
DMARC Details
Policy:reject
Aggregate Reports:dmarc_agg@dmarc.everest.email

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

0/100
Score

Unable to retrieve SSL certificate

CRITICAL

Could not establish secure connection to retrieve certificate information

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

90/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

DNS Records

A Records:23.59.49.247
Name Servers:
a1-73.akam.netDNS only
a22-64.akam.netDNS only
a3-65.akam.netDNS only
a4-66.akam.netDNS only
a6-67.akam.netDNS only
a9-64.akam.netDNS only
MX Records:
10: costar-com.mail.protection.outlook.com
SOA:Serial: 2025090301, TTL: 60s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:45ms

SPF Analysis

SPF Record:
v=spf1 ip4:66.231.92.15 ip4:50.28.24.60 include:costar.com include:sendgrid.net ~all

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

Apartments.com is built on a modern web technology stack utilizing asynchronous JavaScript loading, module loaders (RequireJS), and integration with multiple third-party services for analytics, performance monitoring, and marketing. The site leverages Google Maps API for geolocation features and uses a CDN (likely Akamai) for content delivery, ensuring fast performance and scalability. Mobile optimization is excellent with dedicated iOS and Android apps promoted. The site architecture supports rich content, dynamic search, and user account management. Technical risks are minimal, but reliance on multiple third-party scripts necessitates ongoing security and performance monitoring to mitigate potential vulnerabilities or performance degradation.
Analyze Another Website