Skip to main content

Is cazafa.com a Scam? Security Check Results - cazafa.com Reviews

C

Is cazafa.com Safe? Security Analysis for 中国软文网-软文发布,软文推广,软文代发,软文代写,媒体软文推广平台

https://cazafa.com

Check if cazafa.com is a scam or legitimate. Free security scan and reviews.

MediaChinamedium
jQuery 1.7.2SuperSlide jQuery pluginCustom JavaScriptCSSHTML5
Analyzed 8/2/2025Completed 9:50:58 PM
43
Security Score
HIGH RISK

AI Summary

The website cazafa.com operates as a Chinese media marketing platform specializing in soft article publishing, soft article promotion, and multi-channel marketing services including social media and new media marketing. It targets enterprises and marketers seeking professional media resources and advertising channels. The platform offers a broad range of services such as soft article writing, publishing, website optimization, and social media marketing, supported by extensive media resources across China. The business is relatively new, with domain registration in August 2023, consistent with the website's content and service offerings. Technically, the website uses an older jQuery version (1.7.2) and custom JavaScript, with a CMS likely being Destoon. The site is moderately optimized for performance and mobile, with basic SEO and accessibility features. Security posture is moderate but lacks DNSSEC and security headers, and uses outdated libraries that may pose risks. Privacy compliance is poor due to the absence of privacy and cookie policies. Contact information is limited to member login/register forms and an online QQ customer service link, with no explicit company emails or phone numbers. Overall, the site is accessible without WAF or blocking mechanisms, and content is professional and safe for general audiences. The domain registration is consistent and legitimate for a new business. However, security and privacy improvements are recommended to enhance trust and compliance.

Detected Technologies

jQuery 1.7.2SuperSlide jQuery pluginCustom JavaScriptCSSHTML5

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

Cazafa.com positions itself as a specialized media marketing platform in China, focusing on soft article marketing and new media channels such as WeChat, Weibo, short videos, and live streaming. Its business model revolves around providing enterprises with access to a wide range of media resources for advertising and brand promotion. The platform aggregates thousands of media outlets and influencers, offering categorized marketing packages by industry and audience size. The company appears to be a medium-sized entity founded in 2023, with a focus on digital marketing services in the media sector. The lack of explicit company registration or legal information on the site suggests a need for greater transparency to boost business credibility. The presence of online customer service via QQ and member account systems indicates an interactive platform for client engagement.

Security Posture Analysis

Comprehensive Security Assessment

The website employs HTTPS, but no detailed SSL configuration information is available. The domain lacks DNSSEC, which is a recommended security enhancement. No HTTP security headers such as Content-Security-Policy, X-Frame-Options, or HSTS are detected, reducing protection against common web attacks. The use of an outdated jQuery version (1.7.2) introduces potential vulnerabilities. Forms are present for login and registration but no explicit security measures like CAPTCHA or input validation are visible in the HTML. No privacy or cookie policies are provided, indicating compliance gaps with GDPR and other data protection regulations. Incident response and security policy information are absent, limiting transparency on security governance. Overall, the security posture is moderate but requires significant improvements to meet best practices and regulatory standards.

Strategic Recommendations

Priority Actions for Security Improvement

1

Enable DNSSEC on the domain to improve DNS security.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Description:

中国软文网,专业媒体软文推广平台,为企业提供专业的软文发布,软文推广,软文代发,软文代写,网站优化,网络营销,网站推广,自媒体推广,微信营销等服务,拥有上万家一手媒体资源,覆盖面广,媒体直编发稿快。

Key Services:
软文发布软文推广软文代发软文代写网站优化网络营销网站推广自媒体推广微信营销
Content Quality:

good

Branding:

moderate

Technical Stack

Technologies:
jQuery 1.7.2SuperSlide jQuery pluginCustom JavaScriptCSSHTML5
Performance:

moderate

Mobile:

basic

Accessibility:

basic

SEO:

basic

Security Assessment

Security Score:
40/100
Best Practices:
  • Domain uses HTTPS (implied by URL)
  • No DNSSEC enabled

Analytics & Tracking

Tracking Level:moderate
Privacy Compliance:poor

Advertising & Marketing

Tracking Pixels:
Baidu linksubmit (zz.bdstatic.com)
Marketing Tools:
Custom marketing scriptsSocial media integration
Transparency Level:basic

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:good
Navigation Clarity:good
Professionalism:good
Trustworthiness:moderate

Key Observations

1

Website is a Chinese media marketing platform specializing in soft article publishing and multi-channel marketing.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

15/100
Score

Missing Strict-Transport-Security header

HIGH

Forces HTTPS connections

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

50/100
Score

No Privacy Policy found

HIGH

GDPR requires a clear and accessible privacy policy

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

GDPR Compliance Analysis

Privacy Policy0% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

2/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

Critical sector without clear security compliance

HIGH

Detected sectors: energy, transport, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

60/100
Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

No email authentication configured

CRITICAL

Domain is vulnerable to email spoofing

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

0/100
Score

Unable to retrieve SSL certificate

CRITICAL

Could not establish secure connection to retrieve certificate information

Mixed Content Detected

MEDIUM

175 resources loaded over insecure HTTP

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

45/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

Domain Expires Soon

HIGH

Domain expires in 20 days

Domain Transfer Lock Not Enabled

MEDIUM

Domain can be transferred without authorization

Domain Delete Lock Not Enabled

LOW

Domain can be deleted without additional verification

No DMARC Record

MEDIUM

DMARC policy not configured

Domain Registration Details

Domain Age
1 years(established)
Expiry Risk
high(3 days)
Protection Level
noneDNSSEC OFF
Suspicious Indicators Detected
  • No domain protection locks enabled

DNS Records

A Records:154.220.78.11
Name Servers:
jm1.dns.comWHOIS only
jm2.dns.comWHOIS only
ns1.judns.comDNS only
ns2.judns.comDNS only

DNSSEC Status

DNSSEC Not Enabled

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built using HTML5, CSS, and JavaScript with jQuery 1.7.2 and the SuperSlide plugin for UI effects. The CMS appears to be Destoon, inferred from JavaScript variables and URL patterns. The site loads external scripts from its own domain and trusted sources like Baidu static resources. Performance is moderate with some optimization for mobile devices via a GoMobile script redirect. SEO is basic with meta keywords and descriptions in Chinese. Accessibility features are minimal. The site uses multiple external domains for DNS and social media integration. No modern JavaScript frameworks or advanced backend technologies are evident from the HTML content. The site structure is clear with categorized marketing services and resource listings.
Analyze Another Website