Skip to main content

Is yunhaoma.cc a Scam? Security Check Results - 光年号 Reviews

yunhaoma.cc favicon

Is yunhaoma.cc Safe? Security Analysis for 光年号

https://yunhaoma.cc

Check if yunhaoma.cc is a scam or legitimate. Free security scan and reviews.

TechnologyChinasmall
jQueryBootstrapSVG InjectorFeather IconsGoogle Tag Manager+1 more
Analyzed 8/2/2025Completed 11:29:32 AM
50
Security Score
MEDIUM RISK

AI Summary

光年号是一家专注于提供全球云手机号码服务的技术公司,主要面向跨境电商、外贸及海外业务用户。其核心业务是销售和管理真实的海外实体SIM卡,支持短信接收、自动转发及API集成,满足长期保号和团队批量管理需求。网站内容丰富,设计专业,导航清晰,支持移动端访问,体现出较好的数字化成熟度。技术栈包括jQuery、Bootstrap及多种现代前端工具,配合Google Tag Manager和百度统计实现数据分析。安全方面,网站使用HTTPS,但缺少明显的安全头和隐私合规机制,存在改进空间。整体风险较低,业务模式清晰,客户评价和合作伙伴展示增强了信任度。

Detected Technologies

jQueryBootstrapSVG InjectorFeather IconsGoogle Tag ManagerBaidu Analytics

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

光年号在云号码市场中定位为专业的实体SIM卡云服务商,强调真实卡片和长期保号优势,区别于虚拟号码服务。其商业模式基于在线销售和管理SIM卡,提供短信API和团队协作功能,适合跨境电商和海外业务运营。网站展示了多家合作伙伴和客户评价,表明一定的市场认可度。通过链接多个相关技术和营销平台,构建了较为完整的生态系统。业务规模偏小,主要服务中国市场,未来可通过增强安全合规和扩展国际市场提升竞争力。

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (1)

k*****@qianke.ltd

Security Posture Analysis

Comprehensive Security Assessment

当前网站安全措施有限,虽然使用HTTPS保障传输安全,但缺少关键安全头如Content-Security-Policy、X-Frame-Options等,未见安全政策或事件响应信息。无漏洞披露渠道,缺少GDPR等隐私合规标识,且无cookie同意机制,存在合规风险。未检测到明显漏洞或敏感信息泄露,但建议加强安全策略,完善隐私保护和用户数据管理,提升整体安全成熟度。

Strategic Recommendations

Priority Actions for Security Improvement

1

部署并配置安全HTTP头(CSP、HSTS、X-Frame-Options等)以防范常见攻击。

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

光年号

Description:

光年号是一家专业提供全球云手机号码的平台,用户可以在线购买及持有海外实体SIM手机号,满足低成本长期保号需求,适合跨境、外贸、海外业务、虚拟行业等使用场景。支持美国、英国、中国香港等多国实体SIM卡,非虚拟号,支持几乎所有账户注册。

Key Services:
海外实体SIM卡销售短信接收与自动转发API短信集成团队批量管理与子账号分配
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
jQueryBootstrapSVG InjectorFeather IconsGoogle Tag ManagerBaidu Analytics
Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:
65/100
Best Practices:
  • HTTPS usage (implied by external scripts loaded over HTTPS)
  • No visible exposed sensitive data
  • No visible vulnerable libraries

Analytics & Tracking

Services:
Google Tag ManagerBaidu Analytics
Tracking Level:moderate
Privacy Compliance:basic

Advertising & Marketing

Tracking Pixels:
Baidu Analytics
Marketing Tools:
Baidu Analytics
Transparency Level:basic

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:good
Navigation Clarity:good
Professionalism:good
Trustworthiness:moderate

Key Observations

1

Website provides a specialized cloud SIM card service targeting overseas phone numbers.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

30/100
Score

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

53/100
Score

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

No Data Protection Officer mentioned

LOW

Large organizations may need to designate a DPO under GDPR

Privacy policy may not be GDPR compliant

MEDIUM

Privacy policy lacks explicit GDPR compliance elements

GDPR Compliance Analysis

Privacy Policy85% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
emailphone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

2/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

Critical sector without clear security compliance

HIGH

Detected sectors: transport, banking, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

60/100
Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

No email authentication configured

CRITICAL

Domain is vulnerable to email spoofing

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

69/100
Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

OCSP Stapling Not Enabled

LOW

OCSP stapling improves performance and privacy

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 46 days

HSTS Missing includeSubDomains

LOW

HSTS header does not include subdomains

Protocol Support

TLSv1.3TLSv1.2TLSv1.1

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

75/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

No DMARC Record

MEDIUM

DMARC policy not configured

DNS Records

A Records:8.217.5.62
Name Servers:
ns3.myhostadmin.netDNS only
ns4.myhostadmin.netDNS only
SOA:Serial: 2025062107, TTL: 3600s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:412ms

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

40/100
Score

Service Exposed: SSH

MEDIUM

Port 22 (SSH) is publicly accessible - SSH - Secure but can be brute-forced

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

网站采用主流前端技术栈,使用Bootstrap框架实现响应式设计,jQuery简化DOM操作,SVG Injector和Feather Icons提升视觉表现。通过Google Tag Manager和百度统计实现用户行为分析。页面加载速度适中,移动端优化良好。缺少CMS迹象,可能为定制开发。技术实现稳定但安全配置不足,存在提升空间。建议引入现代前端框架和自动化测试工具,优化性能和安全。
Analyze Another Website