Is chanham.com Safe? Security Analysis for 深圳市成翰科技有限公司
Check if chanham.com is a scam or legitimate. Free security scan and reviews.
AI Summary
深圳市成翰科技有限公司 is a medium-sized Chinese company specializing in intelligent manufacturing solutions, including MES, WMS, QMS, and smart logistics systems. Established in 2005, it positions itself as a leading domestic provider of integrated smart factory platforms, serving industries such as biopharmaceuticals, daily chemicals, semiconductors, and automotive parts. The website reflects a professional and consistent brand image with detailed product and service offerings tailored to manufacturing enterprises. Technically, the website employs a modern frontend stack including jQuery, Bootstrap, and various UI plugins, hosted on Alibaba Cloud. It is mobile-optimized and SEO-friendly, though accessibility features are basic. Analytics are primarily via Baidu services, indicating a focus on the Chinese market. Security posture is moderate; HTTPS is assumed but lacks visible advanced security headers or cookie consent mechanisms, which are areas for improvement. From a security perspective, no critical vulnerabilities or WAF blocks were detected. However, the absence of explicit security policies, incident response contacts, and cookie consent may pose compliance risks, especially under GDPR or similar regulations. The WHOIS data shows a long-standing domain registration consistent with the company's history, enhancing trustworthiness. Overall, the website is professional and trustworthy with good business credibility but could enhance privacy compliance and security best practices to strengthen its posture and user trust.
Detected Technologies
🧠AI Business Intelligence
Technology stack, business insights, and market analysis powered by AI.
Business Intelligence
Market & Strategic Analysis
The company operates in the manufacturing sector, focusing on smart factory software solutions. Its competitive advantage lies in deep industry experience (18 years), a strong technical team (70% technical staff), and a broad portfolio of integrated manufacturing execution and warehouse management systems. The business model centers on software development and consulting services for manufacturing digital transformation. The target customers are manufacturing enterprises seeking Industry 4.0 capabilities. The company maintains partnerships with recognized software and technology providers and has a growing client base exceeding 200 customers. Growth indicators include recent news about new project launches and collaborations. The website content and structure support a professional image aligned with its market position.
Extracted Contact Information
Marketing Intelligence Data
Email Addresses (1)
Phone Numbers (1)
Physical Addresses (1)
Security Posture Analysis
Comprehensive Security Assessment
The website demonstrates a moderate security maturity level. HTTPS is presumably enabled, but no security headers such as Content Security Policy, HSTS, or X-Frame-Options are detected, which are recommended to mitigate common web attacks. No exposed sensitive data or vulnerable libraries were found in the HTML content. Forms use POST methods but lack visible anti-CSRF tokens or CAPTCHA mechanisms. Privacy compliance is limited, with no cookie consent banner and no published security or incident response policies. The absence of DNSSEC and security.txt files further indicates room for improvement. Overall, the security posture is functional but could be significantly enhanced to meet modern compliance and security standards.
Strategic Recommendations
Priority Actions for Security Improvement
Implement comprehensive security headers including CSP, HSTS, and X-Frame-Options to harden the website against attacks.
✨Observations
AI-powered comprehensive website and business analysis.
AI-Enhanced Website Analysis
Business Insights
深圳市成翰科技有限公司
成翰科技是国内专业的智能工厂整体解决方案商。自主研发底层平台,构建MES、WMS、QMS、EMS、APS、智慧物流等十大模块。专注于生物、日化、芯片、PCBA电子、半导体、机械加工、汽配、线束、电子烟雾化器等行业。
good
consistent
Technical Stack
moderate
good
basic
good
Security Assessment
- Use of HTTPS assumed
- No exposed sensitive data in HTML
- Forms use POST method
Analytics & Tracking
Advertising & Marketing
Website Quality Assessment
Key Observations
Website is fully accessible with rich content.
🛡️Security Headers
HTTP security headers analysis and recommendations.
Security Headers
HTTP security headers analysis
Missing Strict-Transport-Security header
HIGHForces HTTPS connections
Missing X-Frame-Options header
HIGHPrevents clickjacking attacks
Missing X-Content-Type-Options header
MEDIUMPrevents MIME type sniffing
Missing Content-Security-Policy header
HIGHControls resources the browser is allowed to load
Missing X-XSS-Protection header
MEDIUMLegacy XSS protection (deprecated but still recommended)
Missing Referrer-Policy header
LOWControls referrer information sent with requests
Missing Permissions-Policy header
MEDIUMControls browser features and APIs
👤GDPR Compliance
Privacy and data protection assessment under GDPR regulations.
GDPR Compliance
Privacy and data protection assessment
No Privacy Policy found
HIGHGDPR requires a clear and accessible privacy policy
No Cookie Policy found
HIGHGDPR requires clear information about cookie usage
No Cookie Consent Banner found
HIGHGDPR requires explicit consent for non-essential cookies
GDPR Compliance Analysis
🛡️NIS2 Compliance
Network & Information Security Directive compliance assessment.
NIS2 Compliance
Network & Information Security Directive
No information security framework found
HIGHNIS2 requires documented cybersecurity and information security measures
No vulnerability disclosure policy
MEDIUMNIS2 encourages coordinated vulnerability disclosure
No security policy documentation found
HIGHNIS2 requires documented cybersecurity governance and risk management
No incident response procedures found
HIGHNIS2 requires documented incident response and business continuity plans
No business continuity planning found
MEDIUMNIS2 emphasizes operational resilience and business continuity
No security contact information
HIGHNIS2 requires clear incident reporting channels
No vulnerability reporting mechanism
MEDIUMClear vulnerability reporting supports coordinated disclosure
No NIS2 reference found
LOWConsider explicitly mentioning NIS2 compliance efforts
Critical sector without clear security compliance
HIGHDetected sectors: energy, transport, banking, digital
📧Email Security
SPF, DKIM, and DMARC validation and email security assessment.
Email Security
SPF, DKIM, and DMARC validation
No DKIM record found
MEDIUMDKIM adds cryptographic signatures to emails
No BIMI Record
LOWBIMI displays brand logos in email clients
No MTA-STS Policy
MEDIUMMTA-STS enforces TLS for email delivery
No TLS-RPT Record
LOWTLS-RPT provides reporting for email TLS issues
SPF Details
🏆SSL/TLS Security
Certificate validity and encryption analysis.
SSL/TLS Security
Certificate validity and encryption analysis
Weak Protocols Supported
HIGHServer supports weak protocols: TLSv1.1
OCSP Stapling Not Enabled
LOWOCSP stapling improves performance and privacy
Certificate Transparency Not Implemented
LOWCertificate is not logged in Certificate Transparency logs
Mixed Content Detected
MEDIUM19 resources loaded over insecure HTTP
Partial SSL/TLS Assessment
LOWCompleted 3 of 4 security checks due to time constraints
Protocol Support
OCSP Status
📊DNS Health
DNS configuration and security assessment.
DNS Health
DNS configuration and security assessment
DNSSEC Not Enabled
MEDIUMDNSSEC is not configured for this domain
CAA Records Not Configured
LOWCertificate Authority Authorization (CAA) records not found
No DMARC Record
MEDIUMDMARC policy not configured
DNS Records
DNSSEC Status
DNS Performance
SPF Analysis
⚡Network Security
Port scanning and network exposure analysis.
Network Security
Port scanning and network exposure analysis
High-Risk Service Exposed: FTP
HIGHPort 21 (FTP) is publicly accessible - FTP - Often unencrypted file transfer
🔧Technical Analysis
Detailed technical findings and analysis from AI assessment.
Technical Analysis
Comprehensive security assessment findings