Skip to main content

Is heyubao.com a Scam? Security Check Results - Shanghai THREEOA Education Software Co.,Ltd Reviews

heyubao.com favicon

Is heyubao.com Safe? Security Analysis for Shanghai THREEOA Education Software Co.,Ltd

https://heyubao.com

Check if heyubao.com is a scam or legitimate. Free security scan and reviews.

EducationChinasmall
HTML5CSS3JavaScriptBootstrap 3.3.7jQuery 3.3.1+1 more
Analyzed 8/2/2025Completed 5:40:58 AM
46
Security Score
HIGH RISK

AI Summary

HEYU Facetime is an educational technology platform specializing in cutting-edge video conferencing solutions tailored for schools, students, and education bureaus primarily in China. The platform offers online collaboration tools including voice calls, video connections, and interactive blackboards to facilitate knowledge transfer and cooperation. The company behind the platform is Shanghai THREEOA Education Software Co.,Ltd, founded in 2015, positioning itself as a niche provider in the educational video conferencing market. The website is professionally designed with consistent branding and clear navigation, targeting educational institutions and related stakeholders. Technically, the website employs a modern tech stack including Bootstrap 3.3.7, jQuery 3.3.1, and Tencent's jweixin SDK, hosted on Alibaba Cloud infrastructure. The site is mobile optimized and performs moderately well, with good SEO practices. However, accessibility features are basic and could be improved. Security posture is adequate with HTTPS enabled and no visible vulnerabilities, but lacks important security headers and DNSSEC is not enabled, representing areas for enhancement. From a security and compliance perspective, the site lacks explicit privacy, cookie, and terms of service policies, which are critical for GDPR and other regulatory compliance. No incident response or vulnerability disclosure information is provided. Contact information is limited to an email address in the meta author tag, with no phone numbers or physical addresses clearly listed. The content is safe for general audiences with no adult or questionable material detected. Overall, the domain registration is consistent and legitimate, supporting the business credibility. Strategically, the platform should prioritize implementing comprehensive privacy and cookie policies, enhance security headers, and provide clear contact and incident response channels to improve trust and compliance. These steps will strengthen the security posture and business credibility, supporting growth in the competitive educational technology market.

Detected Technologies

HTML5CSS3JavaScriptBootstrap 3.3.7jQuery 3.3.1Tencent jweixin SDK

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

HEYU Facetime operates in the education sector, focusing on video conferencing and online collaboration tools for schools and education bureaus in China. The business model centers on providing SaaS-based educational communication solutions, including trial online meetings and conference room creation. The company leverages Alibaba Cloud for hosting and has official Wechat accounts to engage its audience. Market positioning is niche with a focus on educational institutions, offering integrated OA solutions and interactive features. Revenue streams likely include subscription or usage fees for conferencing services. The company shows moderate digital maturity with a consistent brand presence and professional website. However, the lack of detailed contact information and compliance documentation suggests room for operational maturity improvements. No clear partnerships or subsidiaries were identified beyond linked Wechat domains.

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (1)

h*****@threeoa.com

Security Posture Analysis

Comprehensive Security Assessment

The website demonstrates a moderate security posture with mandatory HTTPS enabled and no visible exposure of sensitive data or vulnerable libraries. However, the absence of key security headers such as Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options reduces defense-in-depth. DNSSEC is not enabled, which could improve DNS security. No forms collecting sensitive data were detected, reducing attack surface. The lack of privacy and cookie policies indicates compliance gaps, especially under GDPR. No incident response or vulnerability disclosure mechanisms are present, limiting transparency and readiness. Overall, the security maturity is adequate but requires enhancements in headers, policies, and incident management to meet best practices and regulatory expectations.

Strategic Recommendations

Priority Actions for Security Improvement

1

Implement comprehensive privacy and cookie policies with clear GDPR compliance statements.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Shanghai THREEOA Education Software Co.,Ltd

Description:

Through a variety of online collaboration technologies such as voice calls, video connections, and interactive blackboards, we can achieve the goal of knowledge transfer and cooperation and exchange between school and students, and empower schools, and education bureaus.

Key Services:
Online collaboration technologiesVoice callsVideo connectionsInteractive blackboardsOnline meeting trialsConference room creation
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
HTML5CSS3JavaScriptBootstrap 3.3.7jQuery 3.3.1Tencent jweixin SDK
Frameworks:
Bootstrap
Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:
75/100
Best Practices:
  • HTTPS enabled
  • No visible exposed sensitive data
  • No vulnerable libraries detected
  • No forms with sensitive inputs detected

Analytics & Tracking

Tracking Level:minimal
Privacy Compliance:poor

Advertising & Marketing

Transparency Level:poor

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:good
Navigation Clarity:good
Professionalism:good
Trustworthiness:moderate

Key Observations

1

Website is professionally designed with clear educational focus

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

30/100
Score

Missing Strict-Transport-Security header

HIGH

Forces HTTPS connections

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

50/100
Score

No Privacy Policy found

HIGH

GDPR requires a clear and accessible privacy policy

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

GDPR Compliance Analysis

Privacy Policy0% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
emailphone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

2/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

Critical sector without clear security compliance

HIGH

Detected sectors: energy, transport

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

60/100
Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

No email authentication configured

CRITICAL

Domain is vulnerable to email spoofing

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

95/100
Score

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 36 days

Partial SSL/TLS Assessment

LOW

Completed 2 of 4 security checks due to time constraints

Certificate Details

Subject:heyubao.com
Issuer:R11
Valid Until:9/7/2025 (36 days)
SANs:heyubao.com, www.heyubao.com

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

60/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

Domain Transfer Lock Not Enabled

MEDIUM

Domain can be transferred without authorization

Domain Delete Lock Not Enabled

LOW

Domain can be deleted without additional verification

No DMARC Record

MEDIUM

DMARC policy not configured

Domain Registration Details

Domain Age
10 years(mature)
Expiry Risk
none(1062 days)
Protection Level
noneDNSSEC OFF
Suspicious Indicators Detected
  • No domain protection locks enabled

DNS Records

A Records:203.156.255.40
Name Servers:
dns10.hichina.com
dns9.hichina.com
SOA:Serial: 2025042409, TTL: 600s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:394ms

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

0/100
Score

Service Exposed: SSH

MEDIUM

Port 22 (SSH) is publicly accessible - SSH - Secure but can be brute-forced

Critical Service Exposed: MySQL

CRITICAL

Port 3306 (MySQL) is publicly accessible - MySQL - Database server

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website uses a stable and widely adopted technology stack including Bootstrap 3.3.7 and jQuery 3.3.1, along with Tencent's jweixin SDK for Wechat integration. Hosting is provided by Alibaba Cloud, a reputable provider. The site is mobile optimized and includes SEO best practices such as meta tags and Open Graph data. Performance is moderate with video background usage which may impact load times. No CMS was detected, suggesting a custom or static site architecture. Accessibility is basic and could be improved. The site lacks modern security headers and DNSSEC, representing technical debt. Overall, the infrastructure is solid but could benefit from modernization and enhanced security controls.
Analyze Another Website