Skip to main content

Is hancong.com a Scam? Security Check Results - 汉聪电商 Reviews

hancong.com favicon

Is hancong.com Safe? Security Analysis for 汉聪电商

https://hancong.com

Check if hancong.com is a scam or legitimate. Free security scan and reviews.

E-commerceChinalarge
jQuery 1.7.2Swiper 4.3.5Layer.jskuaishang.cn chat serviceGoogle Analytics+1 more
Analyzed 8/2/2025Completed 12:10:10 AM
55
Security Score
MEDIUM RISK

AI Summary

汉聪电商是一家专注于电商代运营服务的公司,提供包括淘宝、天猫、京东、拼多多及抖小店等多平台的店铺托管、推广、视觉设计及直播运营等一站式服务。公司在国内电商代运营领域拥有较高的市场地位,拥有丰富的成功案例和多项阿里妈妈认证,体现其专业性和行业认可度。技术基础采用了主流的JavaScript库和在线客服系统,网站设计专业且移动端优化良好。安全方面,网站启用了HTTPS,使用了验证码防护表单,但缺少部分安全HTTP头和隐私政策披露,存在一定的合规风险。WHOIS信息缺失,显示域名未注册或信息隐藏,存在一定的信任隐患。整体来看,网站内容丰富,业务清晰,适合电商商家寻求专业代运营服务,但建议完善隐私合规和安全防护措施以提升信任度。

Detected Technologies

jQuery 1.7.2Swiper 4.3.5Layer.jskuaishang.cn chat serviceGoogle AnalyticsBaidu Analytics

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

汉聪电商定位为大型电商代运营服务商,覆盖多电商平台,服务超过6年,累计服务商家数万家,年服务店铺GMV达20亿元以上。其业务模式以提供专业运营团队支持、营销推广、视觉设计及直播运营为核心,面向电商卖家和品牌商。公司通过多项行业认证和成功案例展示,建立了良好的市场信誉。合作伙伴主要为电商平台及相关服务商。网站集成多种营销工具和在线客服,支持客户快速咨询和服务获取。未来增长潜力依赖于电商市场扩展及直播电商趋势。

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (1)

k*****@hancong.com

Phone Numbers (1)

400*******

Security Posture Analysis

Comprehensive Security Assessment

网站采用HTTPS保障数据传输安全,集成了腾讯验证码防止自动提交,使用了第三方在线客服系统。缺少安全HTTP头如Content-Security-Policy和X-Frame-Options,存在一定的安全加固空间。未发现敏感信息泄露或明显漏洞。缺少公开的隐私政策和安全事件响应信息,合规性不足。WHOIS信息缺失可能影响域名信任度。建议加强安全头配置,完善隐私合规文档,建立安全事件响应流程以提升整体安全成熟度。

Strategic Recommendations

Priority Actions for Security Improvement

1

发布并显著链接隐私政策和Cookie政策,提升合规性

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

汉聪电商

Description:

专业代运营公司,主要提供淘宝代运营,天猫代运营,网店托管,客服外包等一站式专业代运营服务。

Key Services:
天猫代运营淘宝代运营京店代运营拼多多代运营抖小店代运营直播运营客服外包营销推广视觉设计摄影服务
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
jQuery 1.7.2Swiper 4.3.5Layer.jskuaishang.cn chat serviceGoogle AnalyticsBaidu Analytics
Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:
75/100
Best Practices:
  • HTTPS enforced
  • No exposed sensitive data in HTML
  • Use of captcha (Tencent TCaptcha) for form validation

Analytics & Tracking

Services:
Google AnalyticsBaidu Analytics
Tracking Level:moderate
Privacy Compliance:poor

Advertising & Marketing

Tracking Pixels:
Baidu Analytics
Marketing Tools:
kuaishang.cn chatTencent TCaptcha
Transparency Level:basic

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:good
Navigation Clarity:good
Professionalism:good
Trustworthiness:high

Key Observations

1

Website is fully accessible with rich content and interactive features

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

50/100
Score

Missing Strict-Transport-Security header

HIGH

Forces HTTPS connections

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

35/100
Score

No Privacy Policy found

HIGH

GDPR requires a clear and accessible privacy policy

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

Third-party services without privacy policy

HIGH

Detected services: Google Analytics

GDPR Compliance Analysis

Privacy Policy0% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
emailphone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

2/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

Critical sector without clear security compliance

HIGH

Detected sectors: transport, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

70/100
Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security
SPF Details
Record:
v=spf1 include:spf.mail.qq.com ~all
DNS Lookups:1/10
Policy:~all

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

47/100
Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

OCSP Stapling Not Enabled

LOW

OCSP stapling improves performance and privacy

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 33 days

HSTS Not Enabled

MEDIUM

HTTP Strict Transport Security (HSTS) is not configured

Mixed Content Detected

MEDIUM

5 resources loaded over insecure HTTP

Protocol Support

TLSv1.3TLSv1.2TLSv1.1

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

60/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

Domain Transfer Lock Not Enabled

MEDIUM

Domain can be transferred without authorization

Domain Delete Lock Not Enabled

LOW

Domain can be deleted without additional verification

No DMARC Record

MEDIUM

DMARC policy not configured

Domain Registration Details

Domain Age
18 years(mature)
Expiry Risk
low(234 days)
Protection Level
noneDNSSEC OFF
Suspicious Indicators Detected
  • No domain protection locks enabled

DNS Records

A Records:8.129.172.90
Name Servers:
ns1.alidns.com
ns2.alidns.com
MX Records:
10: mxbiz1.qq.com
10: mxbiz2.qq.com
SOA:Serial: 2025032613, TTL: 600s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:315ms

SPF Analysis

SPF Record:
v=spf1 include:spf.mail.qq.com ~all

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

网站技术架构基于传统的jQuery和Swiper等前端库,集成了Layer.js弹窗和kuaishang.cn在线客服系统,支持实时客户沟通。页面结构清晰,SEO优化良好,移动端适配较好。性能表现中等,部分资源通过CDN加速。缺少现代前端框架和自动化测试工具的迹象,存在一定技术债务。建议逐步引入现代前端技术栈和性能监控工具,提升用户体验和维护效率。
Analyze Another Website