Is lottoir.com Safe? Security Analysis for 中国二手网
Check if lottoir.com is a scam or legitimate. Free security scan and reviews.
AI Summary
中国二手网是一家专注于中国国内二手物品交易和废旧物资回收的在线平台,提供二手货、二手车、二手设备、二手房等多种二手交易服务。该网站通过信息发布和撮合交易的商业模式,服务于广泛的二手市场用户。网站内容丰富,涵盖行业展会和资讯,体现出一定的市场覆盖和专业性。技术上,网站采用了Destoon CMS和常见的JavaScript库如jQuery,性能和移动优化处于基础水平。安全方面,网站缺乏HTTPS强制和安全头,且未启用DNSSEC,存在一定的安全隐患。隐私合规方面,网站提供了基本的隐私政策和服务条款,但缺少Cookie政策和GDPR合规指示。整体来看,网站适合一般用户访问,但在安全和隐私合规方面有提升空间。
Detected Technologies
🧠AI Business Intelligence
Technology stack, business insights, and market analysis powered by AI.
Business Intelligence
Market & Strategic Analysis
该网站定位为中国二手市场的重要信息平台,拥有大量二手产品和求购信息,覆盖机械设备、家电、手机、矿业设备等多个行业领域。其商业模式依赖于用户发布和浏览二手交易信息,可能通过广告和推广服务盈利。网站的市场定位较为专业,面向中国大陆用户,且通过丰富的行业分类和资讯内容增强用户粘性。合作伙伴和友情链接显示其在相关行业内有一定的生态连接。缺乏明确的联系方式和认证信息,可能影响部分用户信任。
Security Posture Analysis
Comprehensive Security Assessment
网站当前安全成熟度较低,未见HTTPS强制使用,且缺少常见安全头如Content-Security-Policy、X-Frame-Options等。域名未启用DNSSEC,增加了DNS欺骗风险。网站未公开安全事件响应或漏洞披露政策,缺少安全文化和合规指示。建议加强SSL配置,启用安全头,完善隐私和安全政策,提升整体安全防护能力。
Strategic Recommendations
Priority Actions for Security Improvement
启用并强制使用HTTPS,配置HSTS以防止中间人攻击。
✨Observations
AI-powered comprehensive website and business analysis.
AI-Enhanced Website Analysis
Business Insights
中国二手网
中国二手网是国内专业的二手闲置物品交易平台,提供二手货、二手车、二手设备、二手电脑、二手数码、旧家具百货、二手电器、二手手机、二手家电、二手家具、二手办公用品、二手供求信息及废旧物资回收服务。
good
moderate
Technical Stack
moderate
basic
basic
basic
Security Assessment
- Domain status clientTransferProhibited
Analytics & Tracking
Advertising & Marketing
Website Quality Assessment
Key Observations
Website is a Chinese second-hand goods trading platform.
🛡️Security Headers
HTTP security headers analysis and recommendations.
Security Headers
HTTP security headers analysis
Missing Strict-Transport-Security header
HIGHForces HTTPS connections
Missing X-Frame-Options header
HIGHPrevents clickjacking attacks
Missing X-Content-Type-Options header
MEDIUMPrevents MIME type sniffing
Missing Content-Security-Policy header
HIGHControls resources the browser is allowed to load
Missing X-XSS-Protection header
MEDIUMLegacy XSS protection (deprecated but still recommended)
Missing Referrer-Policy header
LOWControls referrer information sent with requests
Missing Permissions-Policy header
MEDIUMControls browser features and APIs
Sensitive data may be cached
LOWCache-Control header should include "no-store" for sensitive pages
👤GDPR Compliance
Privacy and data protection assessment under GDPR regulations.
GDPR Compliance
Privacy and data protection assessment
No Privacy Policy found
HIGHGDPR requires a clear and accessible privacy policy
No Cookie Policy found
HIGHGDPR requires clear information about cookie usage
No Cookie Consent Banner found
HIGHGDPR requires explicit consent for non-essential cookies
GDPR Compliance Analysis
🛡️NIS2 Compliance
Network & Information Security Directive compliance assessment.
NIS2 Compliance
Network & Information Security Directive
No information security framework found
HIGHNIS2 requires documented cybersecurity and information security measures
No vulnerability disclosure policy
MEDIUMNIS2 encourages coordinated vulnerability disclosure
No security policy documentation found
HIGHNIS2 requires documented cybersecurity governance and risk management
No incident response procedures found
HIGHNIS2 requires documented incident response and business continuity plans
No business continuity planning found
MEDIUMNIS2 emphasizes operational resilience and business continuity
No security contact information
HIGHNIS2 requires clear incident reporting channels
No vulnerability reporting mechanism
MEDIUMClear vulnerability reporting supports coordinated disclosure
No NIS2 reference found
LOWConsider explicitly mentioning NIS2 compliance efforts
Critical sector without clear security compliance
HIGHDetected sectors: digital
📧Email Security
SPF, DKIM, and DMARC validation and email security assessment.
Email Security
SPF, DKIM, and DMARC validation
No DKIM record found
MEDIUMDKIM adds cryptographic signatures to emails
No BIMI Record
LOWBIMI displays brand logos in email clients
No MTA-STS Policy
MEDIUMMTA-STS enforces TLS for email delivery
No TLS-RPT Record
LOWTLS-RPT provides reporting for email TLS issues
No email authentication configured
CRITICALDomain is vulnerable to email spoofing
🏆SSL/TLS Security
Certificate validity and encryption analysis.
SSL/TLS Security
Certificate validity and encryption analysis
Weak Protocols Supported
HIGHServer supports weak protocols: TLSv1.1
OCSP Stapling Not Enabled
LOWOCSP stapling improves performance and privacy
Certificate Transparency Not Implemented
LOWCertificate is not logged in Certificate Transparency logs
SSL Certificate Expires Within 90 Days
MEDIUMSSL certificate expires in 63 days
Mixed Content Detected
MEDIUM5 resources loaded over insecure HTTP
Partial SSL/TLS Assessment
LOWCompleted 3 of 4 security checks due to time constraints
Protocol Support
OCSP Status
📊DNS Health
DNS configuration and security assessment.
DNS Health
DNS configuration and security assessment
DNSSEC Not Enabled
MEDIUMDNSSEC is not configured for this domain
CAA Records Not Configured
LOWCertificate Authority Authorization (CAA) records not found
Domain Delete Lock Not Enabled
LOWDomain can be deleted without additional verification
No DMARC Record
MEDIUMDMARC policy not configured
Domain Registration Details
DNS Records
DNSSEC Status
DNS Performance
⚡Network Security
Port scanning and network exposure analysis.
Network Security
Port scanning and network exposure analysis
High-Risk Service Exposed: FTP
HIGHPort 21 (FTP) is publicly accessible - FTP - Often unencrypted file transfer
Critical Service Exposed: MySQL
CRITICALPort 3306 (MySQL) is publicly accessible - MySQL - Database server
🔧Technical Analysis
Detailed technical findings and analysis from AI assessment.
Technical Analysis
Comprehensive security assessment findings