Is neoncrm.com a Scam? Security Check Results - Neon One Reviews

Is neoncrm.com Safe? Security Analysis for Neon One

Check if neoncrm.com is a scam or legitimate. Free security scan and reviews.

Non-profit | N/a | medium
WordPress CMS, jQuery, Cloudflare DNS, Google Tag Manager, Google Analytics, +6 more
Analyzed 9/5/2025 | Completed 7:28:00 AM
Security Score: 67 (MEDIUM RISK)

AI Summary

Neon One is a software company specializing in providing comprehensive software solutions tailored for nonprofit organizations. Their platform aims to help nonprofits scale their impact and achieve sustainability through donor management, fundraising, and event management tools. The company positions itself as a leading provider in the nonprofit software ecosystem, targeting nonprofit organizations as its primary audience. Founded in 2016, Neon One has established a medium-sized presence with a professional and consistent brand image. Technically, the website is built on WordPress and leverages a variety of modern marketing and analytics tools including Google Analytics, Google Tag Manager, Visual Website Optimizer, Pardot, Drift, and AdRoll. The site is hosted with Cloudflare DNS and uses HTTPS, ensuring secure communications. The website demonstrates good SEO and mobile optimization, although accessibility features appear basic. Security posture is solid with HTTPS and domain management best practices, but lacks DNSSEC and explicit security headers. Privacy compliance is partial, with cookie consent implemented but no visible privacy policy or terms of service in the provided HTML. Overall, the website is professional, trustworthy, and well-positioned in its market segment.

Detected Technologies

WordPress CMS, jQuery, Cloudflare DNS, Google Tag Manager, Google Analytics, Visual Website Optimizer (VWO), CookieYes (cookie consent), Wistia (video hosting), Drift (chatbot/live chat), Pardot (marketing automation), AdRoll (retargeting)

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Market & Strategic Analysis

Neon One operates in the nonprofit software sector, offering SaaS solutions that integrate donor management, fundraising, and event management functionalities. Their market positioning as a leading provider is supported by a consistent brand and a comprehensive software ecosystem. The business model is subscription-based software services targeting nonprofit organizations. The company leverages partnerships with marketing automation and analytics platforms to enhance customer engagement and conversion. The absence of direct contact information on the homepage suggests a focus on inbound digital marketing channels. The company maintains active social media profiles on Facebook and LinkedIn, reinforcing its market presence. The domain age and WHOIS data align with the company's founding date, indicating a stable and legitimate operation.

Security Posture Analysis

Comprehensive Security Assessment

The website enforces HTTPS, uses domain status locks to prevent unauthorized domain changes, and implements a cookie consent mechanism, reflecting a baseline security posture. However, DNSSEC is not enabled, which is a recommended best practice to protect against DNS spoofing. The absence of explicit security headers such as Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options in the HTML source is a security gap that could expose the site to certain web-based attacks. The extensive use of third-party scripts and marketing tools increases the attack surface and necessitates regular security audits. No evidence of incident response policies, vulnerability disclosure, or security certifications was found, indicating potential areas for improvement in security governance and transparency.

Strategic Recommendations

Priority Actions for Security Improvement

1. Enable DNSSEC on the domain to enhance DNS security and prevent spoofing attacks.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Neon One

Description:

Scale your impact and achieve maximum sustainability with Neon One, the leading provider of nonprofit software and services.

Key Services:
Nonprofit software solutions, Donor management, Fundraising tools, Event management
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
WordPress CMS, jQuery, Cloudflare DNS, Google Tag Manager, Google Analytics, Visual Website Optimizer (VWO), CookieYes (cookie consent), Wistia (video hosting), Drift (chatbot/live chat), Pardot (marketing automation), AdRoll (retargeting)
Frameworks:
Yoast SEO plugin
Platforms:
WordPress
Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:
75/100
Best Practices:
  • HTTPS enforced
  • Domain status includes clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
  • Cookie consent mechanism implemented

Analytics & Tracking

Services:
Google Analytics, Google Tag Manager, Visual Website Optimizer (VWO)
Tracking Level: extensive
Privacy Compliance: basic

Advertising & Marketing

Ad Networks:
Google Ads, AdRoll
Tracking Pixels:
Visual Website Optimizer (VWO), LinkedIn Pixel, AdRoll
Marketing Tools:
Pardot, Drift, Wistia
Transparency Level: good

Website Quality Assessment

Design Quality: good
User Experience: good
Content Relevance: good
Navigation Clarity: good
Professionalism: good
Trustworthiness: high

Key Observations

1. Website is professionally designed and well-branded for nonprofit software services

🛡️Security Headers

HTTP security headers analysis and recommendations.

35/100
Score

Missing Strict-Transport-Security header

HIGH

Forces HTTPS connections

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Weak Referrer-Policy configuration

LOW

Current value: "same-origin"

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

58/100
Score

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

Privacy policy may not be GDPR compliant

MEDIUM

Privacy policy lacks explicit GDPR compliance elements

GDPR Compliance Analysis

Privacy Policy: 85% confidence
Cookie Policy: 0% confidence
Contact Information Found: 90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

17/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

85/100
Score

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

SPF: Sender Policy Framework
DKIM: DomainKeys Identified Mail
DMARC: Domain-based Message Authentication
MX Records: Mail Exchange Records
BIMI: Brand Indicators
MTA-STS: Mail Transfer Agent Security
TLS-RPT: TLS Reporting
DNSSEC: DNS Security

SPF Details
Record: v=spf1 include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all
DNS Lookups: 1/10
Policy: ~all

DKIM Selectors Found
Selector: google (1416-bit rsa)
Selector: k1 (1296-bit rsa)
Selector: k2 (1416-bit rsa)

DMARC Details
Policy: quarantine
Aggregate Reports: dmarc_agg@vali.email

🏆SSL/TLS Security

Certificate validity and encryption analysis.

75/100
Score

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 53 days

Weak SSL Key Length

HIGH

SSL certificate uses 256-bit key, which is considered weak

Partial SSL/TLS Assessment

LOW

Completed 2 of 4 security checks due to time constraints

Certificate Details

Subject: neonone.com
Issuer: WE1
Valid Until: 10/29/2025 (53 days)
SANs: neonone.com, *.neonone.com

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

85/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

DNS Records

A Records: 172.66.164.112, 104.20.28.46
AAAA Records: 2606:4700:10::6814:1c2e, 2606:4700:10::ac42:a470
Name Servers:
amanda.ns.cloudflare.com (DNS only)
quincy.ns.cloudflare.com (DNS only)
MX Records:
1: aspmx.l.google.com
10: alt3.aspmx.l.google.com
10: alt4.aspmx.l.google.com
5: alt1.aspmx.l.google.com
5: alt2.aspmx.l.google.com
SOA: Serial: 2380022341, TTL: 1800s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time: 83ms

SPF Analysis

SPF Record:
v=spf1 include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all

Network Security

Port scanning and network exposure analysis.

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Additional Findings

The website is built on WordPress CMS with a modern tech stack including jQuery and various marketing and analytics integrations such as Google Tag Manager, Google Analytics, Visual Website Optimizer, Pardot, Drift, and AdRoll. Hosting and DNS are managed via Cloudflare, providing CDN and DNS services. The site shows moderate performance with good mobile optimization and SEO practices, including use of Yoast SEO plugin and structured data (JSON-LD). Accessibility features are basic and could be enhanced. The extensive use of third-party scripts requires careful management to avoid performance degradation and security risks. Overall, the technical infrastructure supports a professional and scalable online presence but could benefit from improvements in security headers and accessibility.