What is the security status of 366999.com?

366999.com has a security score of 51/100, rated as Moderate Risk. The website may have security concerns that should be addressed.

Is 366999.com safe to use?

Our security scan shows 366999.com is Moderate Risk. SSL security issues detected. Always practice safe browsing habits.

Does 366999.com have viruses?

Our comprehensive security scan analyzes multiple security factors. Based on the overall security score of 51/100, the website is rated as Moderate Risk. However, websites can change over time, so always use updated security software.

What is 366999.com's trust score?

366999.com has a security score of 51/100. This score is based on multiple factors including SSL security, security headers, DNS health, and compliance checks.

深

Is 366999.com Safe? Security Analysis for 深圳市若怀信息科技有限公司

https://366999.com

Check if 366999.com is a scam or legitimate. Free security scan and reviews.

RetailChinasmall

HTMLCSSJavaScriptBaidu AnalyticsGoogle Adsense

Analyzed 8/3/2025Completed 2:24:36 AM

Security Score

MEDIUM RISK

AI Summary

366999.com is a Chinese language content website focused on providing ideas and recommendations for male birthday gifts and creative small gifts. Operated by Shenzhen Ruohuai Information Technology Co., Ltd., the site targets Chinese consumers seeking gift inspiration, primarily through curated content and affiliate marketing links to popular e-commerce platforms such as Taobao and Tmall. The website has been active since 2011, indicating a mature presence in its niche market. Technically, the site uses standard HTML, CSS, and JavaScript with integrations for Baidu Analytics and Google Adsense for tracking and advertising. The site appears to be custom-built or uses an unknown CMS, with basic mobile optimization and moderate performance. SEO practices are basic but present, with meta tags and keyword usage aligned with the site's focus. From a security perspective, the site lacks advanced protections such as DNSSEC, security headers, and visible HTTPS enforcement in the provided data. No privacy or cookie policies are present, and contact information is minimal, limited to a Tencent QQ link and a search form. These gaps indicate a low maturity level in privacy compliance and security best practices, which could expose the site to risks and reduce user trust. Overall, the site is functional and serves its business purpose but would benefit from improvements in security, privacy compliance, and user trust signals to enhance its credibility and protect its users better.

Detected Technologies

HTMLCSSJavaScriptBaidu AnalyticsGoogle Adsense

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

The website operates in the retail sector, focusing on gift ideas for men, particularly birthday gifts. Its business model relies on content marketing and affiliate partnerships with major Chinese e-commerce platforms. The site targets a niche audience of Chinese-speaking consumers looking for creative and suitable gifts for male recipients. The presence of multiple friendly links to related affiliate and partner sites suggests an ecosystem of content and commerce collaboration. The company behind the site is a small-sized technology information company based in Shenzhen, China, founded in 2011. The site’s market position is niche with moderate trust indicators such as ICP registration and company naming but lacks comprehensive policies and direct contact details, which may limit its competitive advantage.

Security Posture Analysis

Comprehensive Security Assessment

The security posture of 366999.com is basic and shows several areas for improvement. The domain is registered with a reputable registrar but lacks DNSSEC, which is a minor security concern. The website does not present any security headers such as Content Security Policy or X-Frame-Options, and there is no visible enforcement of HTTPS in the provided content, which could expose users to man-in-the-middle attacks. Forms on the site do not show anti-CSRF tokens or input validation, increasing risk of abuse. No incident response or security contact information is provided, indicating low readiness for security incidents. Privacy and cookie policies are absent, which is a compliance gap especially under GDPR or similar regulations. Overall, the site’s security maturity is low, and it should prioritize implementing modern security controls and compliance measures.

Strategic Recommendations

Priority Actions for Security Improvement

Enable and enforce HTTPS with HSTS to secure user connections.

✨Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

深圳市若怀信息科技有限公司

Description:

本站提供男生生日礼物,男友生日礼物,送男生的生日礼物,创意小礼品等，还有怎么送生日礼物,送什么生日礼物好的建议。

Key Services:

Gift idea contentSearchable Q&A on gift topicsAffiliate links to e-commerce platforms

Content Quality:

basic

Branding:

moderate

Technical Stack

Technologies:

HTMLCSSJavaScriptBaidu AnalyticsGoogle Adsense

Performance:

moderate

Mobile:

basic

Accessibility:

basic

SEO:

basic

Security Assessment

Security Score:

40/100

Analytics & Tracking

Services:

Baidu Analytics

Tracking Level:moderate

Privacy Compliance:poor

Advertising & Marketing

Ad Networks:

Google Adsense

Tracking Pixels:

Baidu Analytics

Transparency Level:basic

Website Quality Assessment

Design Quality:basic

User Experience:basic

Content Relevance:basic

Navigation Clarity:basic

Professionalism:basic

Trustworthiness:moderate

Key Observations

Website is a Chinese language content site focused on male birthday gift ideas and creative gifts.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

30/100

Score

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Critical sector without clear security compliance

HIGH

Detected sectors: transport, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

40/100

Score

No SPF record found

HIGH

SPF helps prevent email spoofing

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

No email authentication configured

CRITICAL

Domain is vulnerable to email spoofing

SPF

Sender Policy Framework

DKIM

DomainKeys Identified Mail

DMARC

Domain-based Message Authentication

MX Records

Mail Exchange Records

BIMI

Brand Indicators

MTA-STS

Mail Transfer Agent Security

TLS-RPT

TLS Reporting

DNSSEC

DNS Security

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

62/100

Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

OCSP Stapling Not Enabled

LOW

OCSP stapling improves performance and privacy

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 81 days

Mixed Content Detected

MEDIUM

3 resources loaded over insecure HTTP

Partial SSL/TLS Assessment

LOW

Completed 3 of 4 security checks due to time constraints

Protocol Support

TLSv1.3TLSv1.2TLSv1.1

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

Domain Age

14 years(mature)

Expiry Risk

low(148 days)

Protection Level

noneDNSSEC OFF

Suspicious Indicators Detected

•No domain protection locks enabled

DNS Records

A Records:152.136.49.50

Name Servers:

sculptor.dnspod.net

variable.dnspod.net

MX Records:

5: mxbiz1.qq.com

5: mxbiz2.qq.com

SOA:Serial: 1752966106, TTL: 180s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:641ms

⚡Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100

Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website uses a traditional web stack with HTML, CSS, and JavaScript, integrating Baidu Analytics and Google Adsense for tracking and monetization. The CMS or platform is not identified, suggesting a custom or less common solution. Performance is moderate with basic mobile responsiveness. SEO is basic with meta tags and keyword usage but could be improved with structured data and better accessibility features. Hosting and DNS are managed by DNSPod, a known Chinese DNS provider and registrar. The lack of DNSSEC and security headers indicates technical debt in security implementation. The site’s external linking strategy includes many affiliate and partner domains, which supports its business model but requires monitoring for security and reputation risks. Overall, the technical infrastructure is functional but dated and could benefit from modernization and security hardening.

Analyze Another Website

Is 366999.com a Scam? Security Check Results - 深圳市若怀信息科技有限公司 Reviews

Is 366999.com Safe? Security Analysis for 深圳市若怀信息科技有限公司

AI Summary

Detected Technologies

🧠AI Business Intelligence

Business Intelligence

Security Posture Analysis

Strategic Recommendations

✨Observations

AI-Enhanced Website Analysis

Business Insights

Technical Stack

Security Assessment

Analytics & Tracking

Advertising & Marketing

Website Quality Assessment

Key Observations

🛡️Security Headers

Security Headers

Missing X-Frame-Options header

Missing X-Content-Type-Options header

Missing Content-Security-Policy header

Missing X-XSS-Protection header

Missing Referrer-Policy header

Missing Permissions-Policy header

Sensitive data may be cached

👤GDPR Compliance

GDPR Compliance

No Privacy Policy found

No Cookie Policy found

No Cookie Consent Banner found

GDPR Compliance Analysis

🛡️NIS2 Compliance

NIS2 Compliance

No information security framework found

No vulnerability disclosure policy

No security policy documentation found

No incident response procedures found

No business continuity planning found

No security contact information

No vulnerability reporting mechanism

No NIS2 reference found

Critical sector without clear security compliance

📧Email Security

Email Security

No SPF record found

No DKIM record found

No BIMI Record

No MTA-STS Policy

No TLS-RPT Record

No email authentication configured

🏆SSL/TLS Security

SSL/TLS Security

Weak Protocols Supported

OCSP Stapling Not Enabled

Certificate Transparency Not Implemented

SSL Certificate Expires Within 90 Days

Mixed Content Detected

Partial SSL/TLS Assessment

Protocol Support

OCSP Status

📊DNS Health

DNS Health

DNSSEC Not Enabled

CAA Records Not Configured

Domain Transfer Lock Not Enabled

Domain Delete Lock Not Enabled

No DMARC Record

Domain Registration Details

DNS Records

DNSSEC Status

DNS Performance

⚡Network Security

Network Security

Good Network Security Posture

🔧Technical Analysis

Technical Analysis

Additional Findings

Related Partner Domains

www.runmie.com