Get insight in the vulnerability level of your technical infrastructure


Together we make the internet even safer in the Netherlands.


Offer the scan as an extra service to your resellers!

Working together to make the internet secure

SIDN, RA, .nl registrars and hosting firms
Improving and maintaining the security of the Dutch internet is a shared responsibility. And secure hosting environments for websites and applications are vital elements of a secure internet landscape. However, in order to improve the security of your technical infrastructure, you need a clear picture of its current cybersecurity status. That in turn implies having your platform scanned for vulnerabilities. Unfortunately, such scans are expensive and therefore uneconomical for many firms.
SIDN, the Registrars' Association and ThreadStone have therefore linked up to create the Hosting Infrascan. So .nl registrars and hosting firms can now have their technical infrastructures checked over for security flaws at a very low price. The only charge is a small fee for each scanned server. A user-friendly dashboard lets you see immediately where improvements are needed to further enhance the security of your set-up.

Small fee per server

Because SIDN attaches great importance to the security of the .nl domain, SIDN will bear most of the cost of your Hosting Infrascan. By making the scan affordable for all, the aim is to maximise take-up and therefore impact. The only cost to you will be a small fee for each scanned server. The reason for asking you to make that contribution is that we want to incentivise all scan users to act on the data provided.There is a one-off set-up fee of €50, plus a charge per server, starting at €2.50. For that, we scan your servers twice for vulnerabilities: once at the start of the service period, and for the second time on a date that you arrange with us. The fees and charges are exclusive of VAT.
Setup fee
/ one-off
Per server, starting at
/ per server


Frank Buschman

proprietor of Smeders Internet

Our customers expect high levels of service availability and security. So we were looking at options for having our systems periodically tested by an independent body. When we heard about the Hosting Infrascan, it looked like the answer.
We thought that our systems were in good shape, and fortunately the scan confirmed that. All the same, a fair number of minor issues were found, which together were enough to make the exercise worthwhile. Many of them were down to us supporting TLS1.0, so we've stopped that now.

Review our webinar (NL)

Thursday, September 17, 2020 we organized a webinar in which we told all about the hosting infrascan.

Status information provides a basis for improving security

As a hosting service provider and/or registrar, you're an important player on the Dutch internet. And the Hosting Infrascan has been created specifically for you: a clear picture of your platform's cybersecurity status is now available at very low cost.

What does the Hosting Infrascan involve?

  • Two scans of your infrastructure to check for vulnerabilities
  • Sophisticated platform analysis covering 120,000 potential weaknesses
  • Management reports to enhance decision-makers’ overall insight and control
  • Technical reports to help ICT professionals implement improvements
  • Technical reports are also suitable for audit purposes

Who is the Hosting Infrascan aimed at?

The Hosting Infrascan has been developed for anyone who hosts .nl domain names. So it's intended both for .nl registrars who also provide hosting services, and for hosting firms who obtain domain name services through .nl registrars.

If you're a registrar, you can have your own infrastructure scanned, or offer scanning to your resellers as a commercial service. The Hosting Infrascan provides the insight you need to further enhance the security of your platform. It therefore represents an opportunity to excel in cybersecurity, which is an increasingly decisive selling point.

Key features of the Hosting Infrascan:

  • Independent analysis of any vulnerabilities your infrastructure may have
  • Immediate results overview on a clear, user-friendly dashboard
  • Multiple vulnerability views to facilitate rapid, effective issue resolution
  • Comprehensive information for vulnerability mitigation
  • Independent reports suitable for sharing with customers, internal executives, external regulators and others
  • Manual IP address entry based on data import
  • Coverage of both IPv4 and IPv6
  • Commercial opportunities for registrars, who can offer scans to resellers

How to get involved

Like the sound of the Hosting Infrascan? Act now!
  • 1

    Register for the scan

    Simply complete the registration form on this website.

  • 2

    We'll send your account details

    Once we've got your registration form, we'll send the account details you need for logging in to the portal. On the portal you can manage your own details or -- if you're offering the Hosting Infrascan to your resellers -- the details of hosting firms you want to arrange scans for.

  • 3

    Enter server details and initiate scans

    You can start scanning your own infrastructure immediately. If you're working with resellers, you can enter their details straight away and specify the servers to be scanned twice a year. Then leave the rest to us!

  • 4

    Mitigate and check

    As a hoster, you can review the results of the scan and then mitigate the vulnerabilities that may have been identified. Then request the 2nd scan and make sure that the changes you've made have the effect you want. If you want to have additional scans performed after this, you can purchase them (additional cost).


Working together for maximum impact

By working together, we can boost internet security in the Netherlands.

High-grade scanning

The Hosting Infrascan is very thorough. Your platform will be checked over for more than 120,000 potential weaknesses. And we're adding to the list of check items every day.

Low cost

Because SIDN bears most of the cost, the Hosting Infrascan is very affordable.

Commercial opportunity for registrars

You're welcome to offer the Hosting Infrascan to your customers in the hosting sector. You therefore have the opportunity to expand your service portfolio and to improve your customers' server security in the process.

User-friendly portal

The portal has been developed in close consultation with two top-ten registrars/hosting firms. As well as providing a clear status overview, the portal is designed to encourage improvement.

Ethical hacker support

Not sure what to do about the findings? ThreadStone's ethical hackers can help you resolve any issues flagged up by the Hosting Infrascan. Ethical hacker support is billed retrospectively, on the basis of the actual time input.

Parties involved


SIDN manages the .nl domain.

Vereniging van Registrars

the Registrars' Association

The VvR represents about 1,200 members (SIDN's customers).

ThreadStone Cyber Security

ThreadStone provides vulnerability scanning solutions, including bulk scanning.

Frequently asked questions

We understand that you can have some questions. Below are the most common questions listed.

1. What does the scan look at?

When scanning your servers, ThreadStone checks things such as the firewall and server ports. Any detected vulnerabilities in underlying systems are then reported to you. That might include issues with SSL certificates, firewall ports that shouldn’t be open but are, outdated operating systems and so on.

2. What does scanning involve?

ThreadStone’s scanners send requests to the IP addresses that you specify. The responses are then analysed for indicators of known vulnerabilities. Details of all the vulnerabilities detected are reported on your personal online dashboard.

3. What data do you collect?

Details of all the vulnerabilities that ThreadStone’s scan is able to detect are shared with you. ThreadStone doesn’t collect any data about your business, your customers or anything like that. However, if obtainable, data may be collected about things such as which operating systems and applications you use, and which versions. No operating system or application source code is collected. ThreadStone will alert you if source code is found to be accessible from the internet, though.

4. What impact will scanning have on our systems?

ThreadStone’s scanners are configured to minimise the risk of harming scanned networks or interfering with network performance. The service involves only the detection and reporting of vulnerabilities; no attempt is made to exploit detected vulnerabilities. With risk minimisation in mind, ThreadStone sends requests to your systems at a relatively low rate – the average is about fifteen requests per second. The two large registrars that took part in a pilot of the Hosting Infrascan reported that, in practice, the scans had no discernible impact.

It’s also important to bear in mind that ThreadStone performs the scans via the internet. Anything that ThreadStone does could in principle be done by anyone else – including unauthorised parties acting without your knowledge. It’s impossible to say what kind of scanners such parties might use, or what impact they might have. The Hosting Infrascan will enable you to improve your resilience to the activities of unauthorised parties by providing a picture of your current situation.

5. All our servers are the same. Instead of getting them all checked, can't we have, say, five checked?

In practice, apparently identical servers can have configuration differences. That can happen if, for example, someone within an organisation makes a manual change to one of them. Or if there’s an update hitch that just affects one server, or some of them. Differences can arise for other reasons, too.
Scanning a sample set of servers can therefore lead to issues being missed and to a false sense of security. It’s very hard to be sure that all your servers are in fact identical, so we think it’s better to be safe than sorry.

6. What scanner(s) do you use?

ThreadStone specialises in vulnerability scanning. The company has developed the unique ThreadScan platform in collaboration with TNO. The Hostinginfrascan makes use of the scan engines developed for that award-winning product. They are capable of scanning websites and servers for more than 120,000 potential vulnerabilities.

7. How will your scanners use the IP address list that we provide?

In order to minimise the impact risk, ThreadStone performs scans sequentially. That means scanning one system at a time before moving on to the next.

8. Where are the scans performed from?

ThreadStone’s servers are located in the Netherlands and Germany. The IP address is (IPv6: 2a01:7c8:aac7:112::1). All the data that ThreadStone collects is stored on extremely secure servers in the Netherlands. The infrastructure and the ThreadScan solution have been audited by TNO, Northwave, Deloitte, KPN and others.

9. How long does a scan take?

Scan duration depends on the complexity of the server being scanned. It’s typically anything between fifteen minutes and twenty-four hours per server. In exceptional cases – if a system responds very slowly, for example – scanning can take longer. However, the average is about one hour per server.

Scanning can’t be hurried, because the work needs to be done ‘quietly’. If ThreadStone sent frequent simultaneous requests, the scan might trigger the scanned system’s firewall or intrusion detection system to block the scan. The reported results would then be incomplete.

10. What about our IDP/IDR system?

The fully automated scan tries to ‘look around’ your firewall to see what services are available from the IP address you provide. The aim is to check for vulnerabilities in those services. Generally speaking, ThreadStone’s scanners will submit more requests to your network than would be sent in the course of normal use. As a result, an intrusion detection system (IDS) or a more sophisticated firewall may regard the scan as suspicious and therefore block it. In that case, ThreadStone will report that a firewall/IDS has stopped the scan prior to completion.

Therefore, even if you don’t whitelist ThreadStone’s IP addresses, the scan will at least tell you that your IDS/firewall is doing the first part of its job properly by blocking potentially intrusive scanning of your systems.

11. So why should we whitelist ThreadStone's IP addresses?

If a hacker wants to gain access to an environment, they too start by performing a vulnerability scan, just as ThreadStone does. The results will be as illustrated above. The hacker can then manually probe commonly used ports (20, 25, 80, 443, etc) for vulnerabilities. If you don’t whitelist ThreadStone, and the scan is blocked, you won’t know whether those ports have vulnerabilities that a hacker might exploit. Your first line of defence (IDS/firewall) may be working well, keeping out the many hackers who content themselves with using automated vulnerability scans to look for easy pickings. However, for many organisations, keeping those hackers at bay is the easy part of system protection. Because more sophisticated hackers will go to great lengths to crack the defences of attractive targets. Keeping out those hackers too depends on knowing about your vulnerabilities, and that’s only possible if you whitelist ThreadStone. So make sure that the IP-addresses of our scanner (IPv6: 2a01:7c8:aac7:112::1) is on the whitelist.

12. Can we interrupt a scan?

You can’t halt a scan yourself. However, if a scan is causing problems for your production environment, you can contact ThreadStone any time to ask for the scan to be aborted.

13. Can we have other parts of our infrastructure besides our web servers – e.g. firewalls and routers that are also publicly accessible from the internet – checked for vulnerabilities?

In principle, any system with an IP address or URL can be checked. However, the scan only covers infrastructure components. Web pages are not checked for vulnerabilities.

14. How do we let you know which servers we want checked?

We’ll create an account for you and send you details for logging in to the portal. Once you’re logged in, you can define hosters. For each hoster, you can create multiple users.

Once you’ve created a hoster, you can define the associated IP addresses to be scanned, either by entering the addresses manually, or by importing a CSV file. In each case, you can indicate what type of scan is required (a web server scan or an infrastructure scan of a firewall’s public IP addresses) and set the scan start date and time. Once you’ve accepted the terms and conditions, we’ll schedule the scans for the requested dates and times.

After scanning, ThreadStone will make the results available via the portal, complete with score details. In order to view vulnerability details for an individual server, you need to be logged into the account for the relevant hoster.


15. In the first scan almost no vulnerabilities were found so I don't need to have the second scan performed at this time. Can I have it done at a later date?

Yes, this is possible. As long as SIDN supports this project, you can have the second scan performed at a later date. Request the 2nd scan via the application form.


16. Is it possible to have the 2nd scan performed on other servers than the first scan?

No, this is not possible. Please request a new hostinginfrascan for the new servers.