Is cheyunhui.com Safe? Security Analysis for Chengdu West Dimension Digital Technology Co., Ltd.
Check if cheyunhui.com is a scam or legitimate. Free security scan and reviews.
AI Summary
云车智汇 operates as a specialized online marketplace for used cars in China, providing a comprehensive platform for buying, selling, and researching used vehicles. The website offers extensive listings of used cars, dealer information, automotive news, exhibitions, and franchise opportunities, targeting a broad general audience interested in the automotive sector. The business is relatively new, founded in 2023, and registered under Chengdu West Dimension Digital Technology Co., Ltd., indicating a focused and regionally consistent operation. Technically, the website is built on a CMS platform likely Destoon, utilizing JavaScript and jQuery for interactivity. The site is moderately optimized for performance and mobile use, with good SEO practices evident from meta tags and structured navigation. However, accessibility features are basic, and there is room for improvement in modernizing the tech stack and enhancing mobile responsiveness. From a security perspective, the site uses HTTPS but lacks DNSSEC and visible security headers, which are important for protecting users and data integrity. There is no evidence of published security policies or incident response contacts, and cookie consent mechanisms are absent, indicating potential compliance gaps with privacy regulations such as GDPR. No critical vulnerabilities or blocking mechanisms were detected, and the domain registration is consistent and legitimate. Overall, the website presents a professional and trustworthy platform for used car trading in China but would benefit from enhanced security practices, privacy compliance improvements, and technical modernization to strengthen its market position and user trust.
Detected Technologies
🧠AI Business Intelligence
Technology stack, business insights, and market analysis powered by AI.
Business Intelligence
Market & Strategic Analysis
云车智汇 positions itself as a niche player in the Chinese used car market, leveraging a digital platform to connect buyers, sellers, and dealers. Its business model revolves around providing listings, facilitating transactions, and offering value-added services such as automotive news and exhibitions. The company targets individual consumers and dealers across multiple Chinese provinces, as evidenced by the extensive city-specific subdomains and dealer listings. The presence of franchise and partnership links suggests a strategy to expand its ecosystem and revenue streams. The company benefits from a clear market focus and a growing automotive sector in China but faces competition from larger platforms. Strategic partnerships and content richness are key competitive advantages.
Security Posture Analysis
Comprehensive Security Assessment
The website demonstrates a moderate security posture with HTTPS enabled, ensuring encrypted communications. However, the absence of DNSSEC and security headers such as Content-Security-Policy and X-Frame-Options exposes the site to potential DNS spoofing and clickjacking attacks. The lack of published security policies and incident response contacts reduces transparency and preparedness for security incidents. No signs of malware or phishing were detected. Privacy compliance is weak due to missing cookie consent mechanisms. Overall, the security maturity is basic and requires enhancements to meet industry best practices and regulatory requirements.
Strategic Recommendations
Priority Actions for Security Improvement
Enable DNSSEC on the domain to protect against DNS spoofing and improve domain security.
✨Observations
AI-powered comprehensive website and business analysis.
AI-Enhanced Website Analysis
Business Insights
Chengdu West Dimension Digital Technology Co., Ltd.
云车智汇,专业的二手车交易市场,为您提供最新二手车最新价格动态,二手车交易,二手车求购等服务,为您推荐优质二手车、真实可靠的商家及个人二手车源信息,买卖二手车更放心。
good
consistent
Technical Stack
moderate
basic
basic
good
Security Assessment
- HTTPS usage
- No visible exposed sensitive data
- Forms use POST method (inferred)
Analytics & Tracking
Advertising & Marketing
Website Quality Assessment
Key Observations
Website is a professional used car trading platform targeting Chinese market.
🛡️Security Headers
HTTP security headers analysis and recommendations.
Security Headers
HTTP security headers analysis
Missing Strict-Transport-Security header
HIGHForces HTTPS connections
Missing X-Frame-Options header
HIGHPrevents clickjacking attacks
Missing X-Content-Type-Options header
MEDIUMPrevents MIME type sniffing
Missing Content-Security-Policy header
HIGHControls resources the browser is allowed to load
Missing X-XSS-Protection header
MEDIUMLegacy XSS protection (deprecated but still recommended)
Missing Referrer-Policy header
LOWControls referrer information sent with requests
Missing Permissions-Policy header
MEDIUMControls browser features and APIs
Sensitive data may be cached
LOWCache-Control header should include "no-store" for sensitive pages
👤GDPR Compliance
Privacy and data protection assessment under GDPR regulations.
GDPR Compliance
Privacy and data protection assessment
No Privacy Policy found
HIGHGDPR requires a clear and accessible privacy policy
No Cookie Policy found
HIGHGDPR requires clear information about cookie usage
No Cookie Consent Banner found
HIGHGDPR requires explicit consent for non-essential cookies
GDPR Compliance Analysis
🛡️NIS2 Compliance
Network & Information Security Directive compliance assessment.
NIS2 Compliance
Network & Information Security Directive
No information security framework found
HIGHNIS2 requires documented cybersecurity and information security measures
No vulnerability disclosure policy
MEDIUMNIS2 encourages coordinated vulnerability disclosure
No security policy documentation found
HIGHNIS2 requires documented cybersecurity governance and risk management
No incident response procedures found
HIGHNIS2 requires documented incident response and business continuity plans
No business continuity planning found
MEDIUMNIS2 emphasizes operational resilience and business continuity
No security contact information
HIGHNIS2 requires clear incident reporting channels
No vulnerability reporting mechanism
MEDIUMClear vulnerability reporting supports coordinated disclosure
No NIS2 reference found
LOWConsider explicitly mentioning NIS2 compliance efforts
📧Email Security
SPF, DKIM, and DMARC validation and email security assessment.
Email Security
SPF, DKIM, and DMARC validation
No DKIM record found
MEDIUMDKIM adds cryptographic signatures to emails
No BIMI Record
LOWBIMI displays brand logos in email clients
No MTA-STS Policy
MEDIUMMTA-STS enforces TLS for email delivery
No TLS-RPT Record
LOWTLS-RPT provides reporting for email TLS issues
No email authentication configured
CRITICALDomain is vulnerable to email spoofing
🏆SSL/TLS Security
Certificate validity and encryption analysis.
SSL/TLS Security
Certificate validity and encryption analysis
Weak Protocols Supported
HIGHServer supports weak protocols: TLSv1.1
OCSP Stapling Not Enabled
LOWOCSP stapling improves performance and privacy
Certificate Transparency Not Implemented
LOWCertificate is not logged in Certificate Transparency logs
SSL Certificate Expires Within 90 Days
MEDIUMSSL certificate expires in 49 days
Mixed Content Detected
MEDIUM69 resources loaded over insecure HTTP
Partial SSL/TLS Assessment
LOWCompleted 3 of 4 security checks due to time constraints
Protocol Support
OCSP Status
📊DNS Health
DNS configuration and security assessment.
DNS Health
DNS configuration and security assessment
DNSSEC Not Enabled
MEDIUMDNSSEC is not configured for this domain
CAA Records Not Configured
LOWCertificate Authority Authorization (CAA) records not found
No DMARC Record
MEDIUMDMARC policy not configured
DNS Records
DNSSEC Status
DNS Performance
⚡Network Security
Port scanning and network exposure analysis.
Network Security
Port scanning and network exposure analysis
High-Risk Service Exposed: FTP
HIGHPort 21 (FTP) is publicly accessible - FTP - Often unencrypted file transfer
Critical Service Exposed: MySQL
CRITICALPort 3306 (MySQL) is publicly accessible - MySQL - Database server
🔧Technical Analysis
Detailed technical findings and analysis from AI assessment.
Technical Analysis
Comprehensive security assessment findings