Skip to main content

Is ajudol.com a Scam? Security Check Results - 网上车市 Reviews

ajudol.com favicon

Is ajudol.com Safe? Security Analysis for 网上车市

https://ajudol.com

Check if ajudol.com is a scam or legitimate. Free security scan and reviews.

TransportationChinamedium
HTML5CSSJavaScriptjQuery 1.5.2jQuery 2.1.1
Analyzed 8/3/2025Completed 7:14:38 AM
37
Security Score
HIGH RISK

AI Summary

网上车市 (ajudol.com) is a Chinese online platform specializing in used car trading, offering a comprehensive marketplace for buying and selling second-hand vehicles. The website provides categorized listings by car brands and models, automotive news, educational content, and services such as member registration, product publishing, and merchant backend management. It targets individual consumers and used car dealers across multiple cities in China, positioning itself as a professional and established player in the domestic used car market. The business appears to have been founded in 2008, although the current domain was registered in 2023, suggesting a possible domain migration or rebranding. Technically, the website is built on the Destoon CMS platform, utilizing HTML5, CSS, and JavaScript with jQuery libraries. The site is hosted by Alibaba Cloud Computing Ltd., a reputable provider. The website demonstrates moderate performance and basic mobile optimization, with clear navigation and structured content. SEO practices are adequately implemented with relevant meta tags and keyword usage. However, accessibility features are basic and could be improved. From a security perspective, the site uses HTTPS but lacks DNSSEC and does not implement common security headers, which reduces its security posture. No sensitive data exposure or vulnerable libraries were detected in the provided content. Privacy compliance is limited, with no visible cookie consent mechanisms and only a basic privacy policy present. Contact information is not explicitly provided, which may impact user trust and compliance with data protection regulations. Overall, the website is functional and professional with good content quality and business credibility. However, improvements in security best practices, privacy compliance, and mobile accessibility are recommended to enhance trustworthiness and regulatory adherence.

Detected Technologies

HTML5CSSJavaScriptjQuery 1.5.2jQuery 2.1.1

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

The platform operates as an important entity within the transportation sector, focusing on used car sales and related services. Its business model revolves around providing a digital marketplace connecting buyers and sellers, supported by features such as member accounts, product listings, and promotional services. The website's extensive categorization of car brands and models, along with automotive news and educational content, indicates a strategy to attract and retain users through comprehensive offerings. The presence of multiple city-specific subdomains suggests a broad geographic reach within China. The site also engages in partnerships with various other Chinese service websites, enhancing its ecosystem. Revenue streams likely include advertising, premium memberships, and promotional placements. The lack of direct contact information and limited privacy compliance may pose challenges in customer trust and regulatory environments.

Security Posture Analysis

Comprehensive Security Assessment

The security maturity of the website is moderate. HTTPS is implemented, ensuring encrypted communication. However, the absence of DNSSEC and security headers such as Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options indicates gaps in defense-in-depth strategies. No incident response or security policy information is publicly available, and no dedicated security contact channels were found. The site does not display cookie consent mechanisms, which may lead to non-compliance with privacy regulations like GDPR. No known vulnerabilities or exposed sensitive data were detected in the HTML content. Overall, while basic security measures are in place, enhancements are needed to improve resilience and compliance.

Strategic Recommendations

Priority Actions for Security Improvement

1

Enable DNSSEC on the domain to protect against DNS spoofing and improve DNS security.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

网上车市

Description:

网上车市,国内专业的二手车交易平台,为您提供大量的二手车出售转让信息,优质二手车品牌,免费的二手车报价,真实可靠的商家及个人二手车车源信息,更多靠谱二手车交易市场信息,尽在网上车市!

Key Services:
二手车出售二手车求购二手车商信息汽车展会汽车新闻招商加盟
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
HTML5CSSJavaScriptjQuery 1.5.2jQuery 2.1.1
Performance:

moderate

Mobile:

basic

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:
55/100
Best Practices:
  • HTTPS usage implied by URLs (https://)
  • No visible exposed sensitive data in HTML

Analytics & Tracking

Tracking Level:minimal
Privacy Compliance:poor

Advertising & Marketing

Transparency Level:basic

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:good
Navigation Clarity:good
Professionalism:good
Trustworthiness:moderate

Key Observations

1

Website is a professional used car trading platform targeting Chinese market.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

30/100
Score

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

50/100
Score

No Privacy Policy found

HIGH

GDPR requires a clear and accessible privacy policy

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

GDPR Compliance Analysis

Privacy Policy0% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

2/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

Critical sector without clear security compliance

HIGH

Detected sectors: energy, transport, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

60/100
Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

No email authentication configured

CRITICAL

Domain is vulnerable to email spoofing

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

0/100
Score

Unable to retrieve SSL certificate

CRITICAL

Could not establish secure connection to retrieve certificate information

Mixed Content Detected

MEDIUM

2 resources loaded over insecure HTTP

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

85/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

DNS Records

A Records:103.41.80.42
Name Servers:
ns1.julydns.comDNS only
ns2.julydns.comDNS only

DNSSEC Status

DNSSEC Not Enabled

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

0/100
Score

High-Risk Service Exposed: FTP

HIGH

Port 21 (FTP) is publicly accessible - FTP - Often unencrypted file transfer

Critical Service Exposed: MySQL

CRITICAL

Port 3306 (MySQL) is publicly accessible - MySQL - Database server

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website uses a traditional web stack with HTML5, CSS, and JavaScript, leveraging jQuery versions 1.5.2 and 2.1.1 for client-side scripting. It is built on the Destoon CMS, a Chinese content management system tailored for e-commerce and classified ads. Hosting is provided by Alibaba Cloud Computing Ltd., a major cloud provider in China. The site includes multiple city-specific subdomains, indicating a distributed content strategy. Performance is moderate with room for improvement, especially in mobile responsiveness and accessibility. SEO is well addressed through meta tags and structured navigation. No advanced frameworks or modern JavaScript libraries (e.g., React, Angular) were detected. The site uses standard forms for login, registration, and search but lacks advanced security features such as CAPTCHA or multi-factor authentication visible in the HTML content.
Analyze Another Website