Skip to main content

Is morko.net a Scam? Security Check Results - 魔扣目录 Reviews

Is morko.net Safe? Security Analysis for 魔扣目录

https://morko.net

Check if morko.net is a scam or legitimate. Free security scan and reviews.

TechnologyChinamedium
JavaScriptjQuery (implied by layui.js usage)layui CSS frameworkPHP (implied by .php scripts)Cloudflare Insights (beacon.min.js)
Analyzed 8/3/2025Completed 3:38:03 AM
57
Security Score
MEDIUM RISK

AI Summary

魔扣目录 (www.morko.net) is a Chinese language web directory and content platform that provides an open, manually curated website classification directory, small program navigation, and informational articles. It targets webmasters and general internet users seeking categorized website listings and SEO promotion services. The platform offers free and paid website inclusion services and advertises via direct contact channels. Technically, the site uses a custom CMS with PHP backend, layui frontend framework, and integrates third-party analytics from 51.la and Cloudflare Insights. The website is mobile-optimized and uses HTTPS, but lacks explicit cookie consent mechanisms and some security headers. Security posture is moderate with no visible vulnerabilities but room for improvement in headers and privacy compliance. WHOIS data is unavailable, raising concerns about domain registration legitimacy, though the active content and user engagement suggest an established platform. Overall, the site is functional and professional but should improve transparency and security practices.

Detected Technologies

JavaScriptjQuery (implied by layui.js usage)layui CSS frameworkPHP (implied by .php scripts)Cloudflare Insights (beacon.min.js)

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

魔扣目录 operates as an important entity in the technology and media sectors, focusing on website directory services, small program navigation, and content publishing. Its business model revolves around providing free and paid website submissions, SEO promotion, and advertising opportunities. The platform serves a broad audience of webmasters and internet users in China, with a medium-sized operation indicated by the volume of listings and articles. The site maintains partnerships with various external domains and offers a range of categorized services. Growth indicators include active article publishing and user registration features. However, the lack of WHOIS data and limited direct contact information may impact trust and credibility. Strategic partnerships and enhanced compliance could strengthen market position.

Security Posture Analysis

Comprehensive Security Assessment

The website demonstrates a moderate security maturity level with enforced HTTPS and use of asynchronous scripts to reduce attack surface. However, the absence of explicit security headers such as Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options limits protection against common web attacks. No vulnerabilities or exposed sensitive data were detected in the HTML content. Privacy compliance is basic, lacking cookie consent mechanisms and detailed privacy policies aligned with GDPR or similar regulations. Incident response and vulnerability disclosure information are absent, indicating limited readiness for security incidents. Overall, the security posture is functional but requires enhancements in headers, privacy compliance, and incident response transparency to reduce risk.

Strategic Recommendations

Priority Actions for Security Improvement

1

Implement comprehensive security headers including Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options to mitigate common web vulnerabilities.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

魔扣目录

Description:

魔扣网站目录(www.morko.net)网全人工编辑的开放式网站分类目录提交及资讯发布平台,网站目录,网址大全,免费网址之家,收录国内外、各行业优秀网站及小程序,旨在为用户提供网站分类目录网站检索、小程序导航、公众号大全、优秀网站目录参考、网站优化(SEO)推广及互联网资讯服务。

Key Services:
网站目录收录小程序导航文章资讯发布网站推广及SEO服务广告合作
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
JavaScriptjQuery (implied by layui.js usage)layui CSS frameworkPHP (implied by .php scripts)Cloudflare Insights (beacon.min.js)
Frameworks:
layui
Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:
75/100
Best Practices:
  • HTTPS enforced
  • No exposed sensitive data in HTML
  • Use of asynchronous script loading

Analytics & Tracking

Services:
51.laCloudflare Insights
Tracking Level:moderate
Privacy Compliance:basic

Advertising & Marketing

Tracking Pixels:
51.laCloudflare Insights
Transparency Level:basic

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:good
Navigation Clarity:good
Professionalism:good
Trustworthiness:moderate

Key Observations

1

Website is a Chinese language web directory and content platform

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

50/100
Score

Missing Strict-Transport-Security header

HIGH

Forces HTTPS connections

Weak X-Frame-Options configuration

LOW

Current value: "SAMEORIGIN, SAMEORIGIN"

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Weak Referrer-Policy configuration

LOW

Current value: "same-origin"

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

50/100
Score

No Privacy Policy found

HIGH

GDPR requires a clear and accessible privacy policy

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

GDPR Compliance Analysis

Privacy Policy0% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

2/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

Critical sector without clear security compliance

HIGH

Detected sectors: transport, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

60/100
Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

No email authentication configured

CRITICAL

Domain is vulnerable to email spoofing

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

65/100
Score

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 52 days

Weak SSL Key Length

HIGH

SSL certificate uses 256-bit key, which is considered weak

Mixed Content Detected

MEDIUM

5 resources loaded over insecure HTTP

Partial SSL/TLS Assessment

LOW

Completed 2 of 4 security checks due to time constraints

Certificate Details

Subject:morko.net
Issuer:WE1
Valid Until:9/24/2025 (52 days)
SANs:morko.net, *.morko.net

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

60/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

Domain Transfer Lock Not Enabled

MEDIUM

Domain can be transferred without authorization

Domain Delete Lock Not Enabled

LOW

Domain can be deleted without additional verification

No DMARC Record

MEDIUM

DMARC policy not configured

Domain Registration Details

Domain Age
15 years(mature)
Expiry Risk
low(150 days)
Protection Level
noneDNSSEC OFF
Suspicious Indicators Detected
  • No domain protection locks enabled

DNS Records

A Records:104.21.96.1, 104.21.80.1, 104.21.64.1, 104.21.16.1, 104.21.112.1, 104.21.48.1, 104.21.32.1
AAAA Records:2606:4700:3030::6815:5001, 2606:4700:3030::6815:7001, 2606:4700:3030::6815:6001, 2606:4700:3030::6815:2001, 2606:4700:3030::6815:3001, 2606:4700:3030::6815:4001, 2606:4700:3030::6815:1001
Name Servers:
luciana.ns.cloudflare.com
randy.ns.cloudflare.com
MX Records:
10: mxdomain.qq.com
SOA:Serial: 2378555128, TTL: 1800s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:73ms

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website uses a custom PHP-based CMS with the layui frontend framework, delivering a mobile-optimized and well-structured user experience. JavaScript libraries and asynchronous loading improve performance, while integration with analytics services like 51.la and Cloudflare Insights enables user behavior tracking. The site structure supports extensive categorized content and user interaction via search and member login/register forms. However, the absence of modern security headers and cookie consent mechanisms indicates technical debt in security and privacy compliance. Hosting provider details are not evident, and WHOIS data is missing, which may pose risks. Performance is moderate with room for optimization in accessibility and SEO enhancements.
Analyze Another Website