Skip to main content

Is abgcym.com a Scam? Security Check Results - 阳光旅行网 Reviews

abgcym.com favicon

Is abgcym.com Safe? Security Analysis for 阳光旅行网

https://abgcym.com

Check if abgcym.com is a scam or legitimate. Free security scan and reviews.

HospitalityChinamedium
jQuery 1.5.2jQuery 2.1.1JavaScriptCSSHTML5
Analyzed 8/3/2025Completed 9:19:53 AM
42
Security Score
HIGH RISK

AI Summary

阳光旅行网 is a Chinese travel booking and information platform offering a wide range of travel services including group tours, self-guided tours, hotel and flight bookings, and travel news. The website targets general travelers in China and provides comprehensive travel-related content and booking options. The platform appears to be relatively new, with domain registration dating from 2023, and is hosted by Alibaba Cloud, a reputable provider. The website uses the Destoon CMS and includes multiple regional subdomains to cater to different cities and regions within China. Technically, the site employs standard web technologies such as jQuery and JavaScript, though some libraries are outdated, which may pose security risks. Mobile optimization is basic but functional.

Detected Technologies

jQuery 1.5.2jQuery 2.1.1JavaScriptCSSHTML5

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

The business operates in the hospitality and transportation sectors, focusing on travel services within China and internationally. It positions itself as a leading domestic travel website with a broad service portfolio including tours, hotel bookings, and ticketing services. The business model is primarily online travel booking and information dissemination. The site links to multiple partner domains, indicating a networked ecosystem. However, the absence of explicit contact information and privacy compliance mechanisms may affect user trust and regulatory compliance. The company appears medium-sized and founded recently, with no parent or subsidiary companies identified.

Security Posture Analysis

Comprehensive Security Assessment

The website has HTTPS enabled, which is a fundamental security requirement. However, it lacks DNSSEC, security headers, and up-to-date JavaScript libraries, which are important for enhancing security posture. No incident response or vulnerability disclosure policies are found, and no dedicated security contact channels are provided. The absence of cookie consent mechanisms indicates potential non-compliance with privacy regulations such as GDPR. Overall, the security maturity is moderate but could be significantly improved by implementing standard security best practices and compliance measures.

Strategic Recommendations

Priority Actions for Security Improvement

1

Enable DNSSEC to improve domain name system security.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

阳光旅行网

Description:

阳光旅行网,国内最好的旅游网站,为您提供国内自助游,跟团游报价,自由行,周边游,自驾游,旅游报团,境外旅游,景点门票预订,特价机票预订,火车票预订,酒店预订及价格查询服务,私人定制旅游线路,千万用户旅行信赖之选!

Key Services:
group toursself-guided tourssurrounding tourscustom tourscruise tourstheme toursdomestic toursinternational tourshotel bookingflight booking
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
jQuery 1.5.2jQuery 2.1.1JavaScriptCSSHTML5
Performance:

moderate

Mobile:

basic

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:
55/100
Best Practices:
  • HTTPS enabled

Analytics & Tracking

Tracking Level:moderate
Privacy Compliance:basic

Advertising & Marketing

Tracking Pixels:
Baidu linksubmit push.js
Transparency Level:basic

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:good
Navigation Clarity:good
Professionalism:good
Trustworthiness:moderate

Key Observations

1

Website is a Chinese travel booking and information platform with multiple service categories.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

30/100
Score

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

50/100
Score

No Privacy Policy found

HIGH

GDPR requires a clear and accessible privacy policy

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

GDPR Compliance Analysis

Privacy Policy0% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

2/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

Critical sector without clear security compliance

HIGH

Detected sectors: energy, transport, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

60/100
Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

No email authentication configured

CRITICAL

Domain is vulnerable to email spoofing

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

62/100
Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

OCSP Stapling Not Enabled

LOW

OCSP stapling improves performance and privacy

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 63 days

Mixed Content Detected

MEDIUM

1 resources loaded over insecure HTTP

Partial SSL/TLS Assessment

LOW

Completed 3 of 4 security checks due to time constraints

Protocol Support

TLSv1.3TLSv1.2TLSv1.1

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

60/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

Domain Transfer Lock Not Enabled

MEDIUM

Domain can be transferred without authorization

Domain Delete Lock Not Enabled

LOW

Domain can be deleted without additional verification

No DMARC Record

MEDIUM

DMARC policy not configured

Domain Registration Details

Domain Age
2 years(established)
Expiry Risk
low(221 days)
Protection Level
noneDNSSEC OFF
Suspicious Indicators Detected
  • No domain protection locks enabled

DNS Records

A Records:103.41.80.51
Name Servers:
ns1.jmdns.comWHOIS only
ns1.julydns.comDNS only
ns2.jmdns.comWHOIS only
ns2.julydns.comDNS only

DNSSEC Status

DNSSEC Not Enabled

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

0/100
Score

High-Risk Service Exposed: FTP

HIGH

Port 21 (FTP) is publicly accessible - FTP - Often unencrypted file transfer

Critical Service Exposed: MySQL

CRITICAL

Port 3306 (MySQL) is publicly accessible - MySQL - Database server

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built on the Destoon CMS platform and uses jQuery versions 1.5.2 and 2.1.1, indicating some legacy code presence. The hosting is provided by Alibaba Cloud, ensuring reliable infrastructure. The site includes multiple CSS and JavaScript files for styling and functionality, with some conditional loading for older Internet Explorer versions. Performance is moderate with basic mobile optimization. SEO is supported by meta tags and structured navigation. However, the lack of modern frameworks and accessibility features suggests opportunities for modernization and technical debt reduction.
Analyze Another Website