What is the security status of fhato.net?

fhato.net has a security score of 48/100, rated as Potentially Unsafe. The website may have security concerns that should be addressed.

Is fhato.net safe to use?

Our security scan shows fhato.net is Potentially Unsafe. SSL security issues detected. Always practice safe browsing habits.

Does fhato.net have viruses?

Our comprehensive security scan analyzes multiple security factors. Based on the overall security score of 48/100, the website is rated as Potentially Unsafe. However, websites can change over time, so always use updated security software.

What is fhato.net's trust score?

fhato.net has a security score of 48/100. This score is based on multiple factors including SSL security, security headers, DNS health, and compliance checks.

Is fhato.net Safe? Security Analysis for Fhato

https://fhato.net

Check if fhato.net is a scam or legitimate. Free security scan and reviews.

TransportationFrancesmall

WordPressYoast SEO pluginContact Form 7Ultimate Social Media IconsSlider Revolution+7 more

Analyzed 10/4/2025Completed 5:07:07 AM

Security Score

HIGH RISK

AI Summary

Fhato is a specialized helicopter flight training center founded in 2021, targeting both private individuals and professional pilots primarily in France and Switzerland. The website presents a professional image with clear branding and offers key helicopter pilot licenses and training courses such as PPLH and CPLH. The business operates under the Groupe HBG umbrella, indicating a structured corporate backing. Technically, the site is built on WordPress using a modern theme and plugins for SEO, social media integration, and GDPR compliance. The site is hosted by OVH sas, a reputable provider, and uses HTTPS with a valid SSL certificate. Security posture is moderate with room for improvement in DNSSEC and security headers. Privacy compliance is supported by a cookie consent banner but lacks a visible privacy policy or terms of service. Overall, the site is functional, professional, and trustworthy with moderate tracking and analytics in place.

Detected Technologies

WordPressYoast SEO pluginContact Form 7Ultimate Social Media IconsSlider RevolutionjQueryGoogle Tag ManagerFacebook SDKComplianz GDPR pluginBurst Statistics pluginTatsu page builderOshine theme

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

The company occupies a niche in the aviation training sector, focusing on helicopter pilot education. Its market positioning is regional with dedicated websites for France and Switzerland, indicating targeted localization. The business model revolves around training services for both private and commercial pilot licenses, with potential revenue streams from course fees and certifications. The presence of social media links and structured data suggests an effort to build brand awareness and trust. The company is small in size but benefits from association with Groupe HBG. No direct contact emails or phone numbers are publicly listed, which may limit direct customer engagement. The website content is relevant and professionally presented, supporting credibility.

Security Posture Analysis

Comprehensive Security Assessment

The website benefits from HTTPS encryption and a cookie consent mechanism compliant with GDPR. However, the absence of DNSSEC and security headers such as Content-Security-Policy and X-Frame-Options reduces its defense-in-depth. No explicit security or incident response policies are published, and no vulnerability disclosure or security.txt files are found. The use of multiple third-party plugins and scripts introduces potential attack surfaces, necessitating regular security audits. No signs of WAF or blocking mechanisms were detected, indicating open accessibility. Overall, the security posture is adequate for a small business website but could be enhanced to better protect user data and site integrity.

Strategic Recommendations

Priority Actions for Security Improvement

Publish a comprehensive privacy policy and terms of service to improve legal compliance and user trust.

✨Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Fhato

Description:

FHATO Flight Training Center, école de pilotage hélicoptère pour les particuliers ou les professionnels : PPLH, CPLH, QT, autres formations

Key Services:

PPLH (Private Pilot License Helicopter)CPLH (Commercial Pilot License Helicopter)QT (Qualified Training)Other helicopter pilot training courses

Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:

WordPressYoast SEO pluginContact Form 7Ultimate Social Media IconsSlider RevolutionjQueryGoogle Tag ManagerFacebook SDKComplianz GDPR pluginBurst Statistics pluginTatsu page builderOshine theme

Frameworks:

WordPress

Platforms:

WordPress CMS

Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:

65/100

Best Practices:

HTTPS enabled
Cookie consent mechanism implemented
No exposed sensitive data found in HTML

Analytics & Tracking

Services:

Google AnalyticsBurst Statistics

Tracking Level:moderate

Privacy Compliance:good

Advertising & Marketing

Tracking Pixels:

Facebook SDK

Marketing Tools:

Burst Statistics

Transparency Level:good

Website Quality Assessment

Design Quality:good

User Experience:good

Content Relevance:good

Navigation Clarity:basic

Professionalism:good

Trustworthiness:moderate

Key Observations

Website is a WordPress-based helicopter flight training school site targeting French and Swiss markets.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

15/100

Score

Critical sector without clear security compliance

HIGH

Detected sectors: energy, transport, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

70/100

Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

SPF

Sender Policy Framework

DKIM

DomainKeys Identified Mail

DMARC

Domain-based Message Authentication

MX Records

Mail Exchange Records

BIMI

Brand Indicators

MTA-STS

Mail Transfer Agent Security

TLS-RPT

TLS Reporting

DNSSEC

DNS Security

SPF Details

Record:

v=spf1 include:mx.ovh.com ~all

DNS Lookups:1/10

Policy:~all

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

75/100

Score

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 33 days

Weak SSL Key Length

HIGH

SSL certificate uses 256-bit key, which is considered weak

Partial SSL/TLS Assessment

LOW

Completed 2 of 4 security checks due to time constraints

Certificate Details

Subject:www.fhato.net

Issuer:E6

Valid Until:11/7/2025 (33 days)

SANs:fhato.net, multisite1.fhato.net, www.fhato.net +1 more

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

75/100

Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

No DMARC Record

MEDIUM

DMARC policy not configured

Domain Registration Details

Domain Age

4 years(established)

Expiry Risk

low(151 days)

Protection Level

moderateDNSSEC OFF

DNS Records

A Records:145.239.37.162

AAAA Records:2001:41d0:301::30

Name Servers:

dns108.ovh.net

ns108.ovh.net

MX Records:

1: mx1.mail.ovh.net

5: mx2.mail.ovh.net

100: mx3.mail.ovh.net

SOA:Serial: 2025091300, TTL: 60s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:69ms

SPF Analysis

SPF Record:

v=spf1 include:mx.ovh.com ~all

⚡Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

0/100

Score

High-Risk Service Exposed: FTP

HIGH

Port 21 (FTP) is publicly accessible - FTP - Often unencrypted file transfer

Critical Service Exposed: Telnet

CRITICAL

Port 23 (Telnet) is publicly accessible - Telnet - Unencrypted remote access

High-Risk Service Exposed: NetBIOS

HIGH

Port 139 (NetBIOS) is publicly accessible - NetBIOS - Windows file sharing

Critical Service Exposed: MySQL

CRITICAL

Port 3306 (MySQL) is publicly accessible - MySQL - Database server

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built on WordPress with a modern theme (Oshine) and uses popular plugins such as Yoast SEO, Contact Form 7, and Complianz for GDPR compliance. It integrates Google Analytics and Facebook SDK for tracking and marketing purposes. The site loads multiple JavaScript libraries including jQuery and various vendor scripts for UI enhancements. Hosting is provided by OVH sas, a well-known European provider. The site is mobile optimized and uses responsive design techniques. Performance is moderate, with potential improvements in caching and script optimization. Accessibility features are basic but present. SEO is supported by meta tags, Open Graph, and JSON-LD structured data. Overall, the technical infrastructure is solid but could benefit from performance tuning and enhanced security configurations.

How did we do?

Your feedback directly shapes our roadmap. Rate the quality of this report, leave an optional comment, and let us know if you want our security specialists to follow up.

Analyze Another Website

Is fhato.net a Scam? Security Check Results - Fhato Reviews

Is fhato.net Safe? Security Analysis for Fhato

AI Summary

Detected Technologies

🧠AI Business Intelligence

Business Intelligence

Security Posture Analysis

Strategic Recommendations

✨Observations

AI-Enhanced Website Analysis

Business Insights

Technical Stack

Security Assessment

Analytics & Tracking

Advertising & Marketing

Website Quality Assessment

Key Observations

🛡️Security Headers

Security Headers

Missing Strict-Transport-Security header

Missing X-Frame-Options header

Missing X-Content-Type-Options header

Missing Content-Security-Policy header

Missing X-XSS-Protection header

Missing Referrer-Policy header

Missing Permissions-Policy header

Sensitive data may be cached

👤GDPR Compliance

GDPR Compliance

No Privacy Policy found

Third-party services without privacy policy

GDPR Compliance Analysis

🛡️NIS2 Compliance

NIS2 Compliance

No information security framework found

No vulnerability disclosure policy

No security policy documentation found

No incident response procedures found

No business continuity planning found

No security contact information

No vulnerability reporting mechanism

No NIS2 reference found

Critical sector without clear security compliance

📧Email Security

Email Security

No DKIM record found

No BIMI Record

No MTA-STS Policy

No TLS-RPT Record

SPF Details

🏆SSL/TLS Security

SSL/TLS Security

SSL Certificate Expires Within 90 Days

Weak SSL Key Length

Partial SSL/TLS Assessment

Certificate Details

OCSP Status

📊DNS Health

DNS Health

DNSSEC Not Enabled

CAA Records Not Configured

No DMARC Record

Domain Registration Details

DNS Records

DNSSEC Status

DNS Performance

SPF Analysis

⚡Network Security

Network Security

High-Risk Service Exposed: FTP

Critical Service Exposed: Telnet

High-Risk Service Exposed: NetBIOS

Critical Service Exposed: MySQL

🔧Technical Analysis

Technical Analysis

Additional Findings

—out of 5