Is sccdjgcj.com Safe? Security Analysis for 成都九州合创建材有限公司
Check if sccdjgcj.com is a scam or legitimate. Free security scan and reviews.
AI Summary
成都九州合创建材有限公司是一家专业从事各类井盖制造的中型制造企业,拥有20年行业经验,产品涵盖球墨铸铁井盖、复合井盖、不锈钢隐形井盖、树脂井盖及水泥井盖等,面向建筑工程、政府市政及工业客户提供定制化生产和批发服务。网站内容丰富,结构清晰,展示了公司产品优势、工程案例及客户见证,体现出较强的市场竞争力和品牌影响力。技术上,网站采用传统的jQuery和JavaScript技术,性能适中,移动端优化基本,SEO表现良好。安全方面,网站使用HTTPS,但缺少安全头部和隐私合规政策,存在一定改进空间。WHOIS信息缺失,影响域名信任度,建议进一步核实域名注册信息以提升业务可信度。
Detected Technologies
🧠AI Business Intelligence
Technology stack, business insights, and market analysis powered by AI.
Business Intelligence
Market & Strategic Analysis
该公司定位于制造业,专注于井盖及相关产品的研发和生产,拥有较为完善的产品线和定制能力,市场覆盖四川及周边地区。通过展示丰富的工程案例和客户见证,增强客户信任。合作伙伴涵盖地产、地铁及大型建筑企业,显示良好的行业合作生态。业务模式以制造和批发为主,辅以售后服务,目标客户为市政工程、房地产开发商及工业企业。网站内容和结构支持其业务推广,但缺乏隐私和安全合规信息,可能影响部分客户的信任和合作意愿。
Extracted Contact Information
Marketing Intelligence Data
Phone Numbers (1)
Security Posture Analysis
Comprehensive Security Assessment
网站启用了HTTPS,保证了数据传输的基本安全,但未检测到常见安全头部如Content-Security-Policy、X-Frame-Options等,存在潜在的安全风险。网站未公开隐私政策或安全政策,缺乏GDPR等合规指示,安全文化和合规意识有待加强。使用的jQuery版本较旧,可能存在已知漏洞,建议升级。表单存在但未见明显安全防护措施。整体安全评分中等,建议加强安全头部配置、隐私合规和库版本更新以提升安全水平。
Strategic Recommendations
Priority Actions for Security Improvement
完善并公开隐私政策和Cookie政策,增加用户隐私保护透明度。
✨Observations
AI-powered comprehensive website and business analysis.
AI-Enhanced Website Analysis
Business Insights
成都九州合创建材有限公司
成都九州合创建材有限公司是一家专业生产井盖的生产性企业,拥有先进的半自动机制流水线井盖生产设备和行业领先的研发力量,产品涵盖球墨铸铁井盖、高分子复合井盖、不锈钢井盖、树脂井盖、水泥井盖及水篦子等,提供定制服务和完善的售后体系。
good
consistent
Technical Stack
moderate
basic
basic
good
Security Assessment
- HTTPS usage (implied by https URLs in resources)
Analytics & Tracking
Advertising & Marketing
Website Quality Assessment
Key Observations
Website is fully accessible with rich content in Chinese language focused on manhole covers manufacturing.
🛡️Security Headers
HTTP security headers analysis and recommendations.
Security Headers
HTTP security headers analysis
Missing Strict-Transport-Security header
HIGHForces HTTPS connections
Missing X-Frame-Options header
HIGHPrevents clickjacking attacks
Missing X-Content-Type-Options header
MEDIUMPrevents MIME type sniffing
Missing Content-Security-Policy header
HIGHControls resources the browser is allowed to load
Missing X-XSS-Protection header
MEDIUMLegacy XSS protection (deprecated but still recommended)
Missing Referrer-Policy header
LOWControls referrer information sent with requests
Missing Permissions-Policy header
MEDIUMControls browser features and APIs
👤GDPR Compliance
Privacy and data protection assessment under GDPR regulations.
GDPR Compliance
Privacy and data protection assessment
No Privacy Policy found
HIGHGDPR requires a clear and accessible privacy policy
No Cookie Policy found
HIGHGDPR requires clear information about cookie usage
No Cookie Consent Banner found
HIGHGDPR requires explicit consent for non-essential cookies
GDPR Compliance Analysis
🛡️NIS2 Compliance
Network & Information Security Directive compliance assessment.
NIS2 Compliance
Network & Information Security Directive
No information security framework found
HIGHNIS2 requires documented cybersecurity and information security measures
No vulnerability disclosure policy
MEDIUMNIS2 encourages coordinated vulnerability disclosure
No security policy documentation found
HIGHNIS2 requires documented cybersecurity governance and risk management
No incident response procedures found
HIGHNIS2 requires documented incident response and business continuity plans
No business continuity planning found
MEDIUMNIS2 emphasizes operational resilience and business continuity
No security contact information
HIGHNIS2 requires clear incident reporting channels
No vulnerability reporting mechanism
MEDIUMClear vulnerability reporting supports coordinated disclosure
No NIS2 reference found
LOWConsider explicitly mentioning NIS2 compliance efforts
📧Email Security
SPF, DKIM, and DMARC validation and email security assessment.
Email Security
SPF, DKIM, and DMARC validation
No DKIM record found
MEDIUMDKIM adds cryptographic signatures to emails
No BIMI Record
LOWBIMI displays brand logos in email clients
No MTA-STS Policy
MEDIUMMTA-STS enforces TLS for email delivery
No TLS-RPT Record
LOWTLS-RPT provides reporting for email TLS issues
No email authentication configured
CRITICALDomain is vulnerable to email spoofing
🏆SSL/TLS Security
Certificate validity and encryption analysis.
SSL/TLS Security
Certificate validity and encryption analysis
Unable to retrieve SSL certificate
CRITICALCould not establish secure connection to retrieve certificate information
Mixed Content Detected
MEDIUM13 resources loaded over insecure HTTP
OCSP Status
📊DNS Health
DNS configuration and security assessment.
DNS Health
DNS configuration and security assessment
DNSSEC Not Enabled
MEDIUMDNSSEC is not configured for this domain
CAA Records Not Configured
LOWCertificate Authority Authorization (CAA) records not found
Domain Transfer Lock Not Enabled
MEDIUMDomain can be transferred without authorization
Domain Delete Lock Not Enabled
LOWDomain can be deleted without additional verification
No DMARC Record
MEDIUMDMARC policy not configured
Domain Registration Details
- •No domain protection locks enabled
DNS Records
DNSSEC Status
DNS Performance
⚡Network Security
Port scanning and network exposure analysis.
Network Security
Port scanning and network exposure analysis
High-Risk Service Exposed: FTP
HIGHPort 21 (FTP) is publicly accessible - FTP - Often unencrypted file transfer
🔧Technical Analysis
Detailed technical findings and analysis from AI assessment.
Technical Analysis
Comprehensive security assessment findings