Skip to main content

Is sdongpo.com a Scam? Security Check Results - 北京木屋时代科技有限公司 Reviews

sdongpo.com favicon

Is sdongpo.com Safe? Security Analysis for 北京木屋时代科技有限公司

https://sdongpo.com

Check if sdongpo.com is a scam or legitimate. Free security scan and reviews.

TechnologyChinamedium
Vue.jsNuxt.jsElement UIBaidu AnalyticsBaidu Site Verification Script
Analyzed 8/1/2025Completed 11:07:24 PM
59
Security Score
MEDIUM RISK

AI Summary

The website www.sdongpo.com represents Beijing MuWu Times Technology Co., Ltd., a company founded in 2014 specializing in SaaS and ERP solutions for the fresh food supply chain industry. The company offers a comprehensive suite of products including fresh food delivery systems, vegetable distribution software, and intelligent hardware, serving over 10,000 fresh food distribution enterprises. The website is professionally designed with rich multimedia content, customer testimonials, and detailed business solutions, targeting fresh food supply chain businesses primarily in China. Technically, the website is built using modern JavaScript frameworks such as Vue.js and Nuxt.js, with integration of Baidu analytics and site verification scripts. The site demonstrates good mobile optimization and SEO practices, although some accessibility features could be improved. The performance is moderate with efficient content delivery. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data in the HTML. However, it lacks explicit security headers and published privacy or cookie policies, which are important for compliance and user trust. The WHOIS data for the domain is missing or not found, which raises concerns about domain registration legitimacy and consistency with the business claims. Overall, the website presents a credible and professional business front with strong market positioning in the fresh food SaaS sector. The main risks relate to incomplete WHOIS information and absence of formal privacy and security policies. Strategic improvements in these areas would enhance trust and compliance.

Detected Technologies

Vue.jsNuxt.jsElement UIBaidu AnalyticsBaidu Site Verification Script

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

Beijing MuWu Times Technology Co., Ltd. operates in the technology sector, focusing on SaaS and ERP solutions for fresh food supply chains. Their business model revolves around software-as-a-service offerings complemented by intelligent hardware products. The company targets fresh food distributors, catering to over 10,000 clients, indicating a strong market presence and growth trajectory. Their competitive advantages include comprehensive supply chain digitalization, integration of blockchain for food safety traceability, and a dedicated research institute providing industry insights. The company maintains a robust partnership ecosystem visible through multiple external links and client testimonials. Revenue streams likely include software subscriptions, hardware sales, and consulting services. The company emphasizes operational efficiency, loss reduction, and data-driven decision-making for clients.

Extracted Contact Information

Marketing Intelligence Data

Phone Numbers (2)

400*******
400*******

Security Posture Analysis

Comprehensive Security Assessment

The website demonstrates a moderate security maturity level. HTTPS is enforced, ensuring encrypted communication. However, the absence of common security headers such as Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and X-Frame-Options reduces protection against common web attacks. No security incident response or vulnerability disclosure policies are published, limiting transparency and preparedness. The site uses third-party scripts (Baidu analytics and site verification), which should be regularly audited for vulnerabilities. No exposed sensitive data or credentials were found in the HTML. The lack of privacy and cookie policies indicates potential compliance gaps, especially regarding GDPR or similar regulations. Overall, while basic security measures are in place, there is room for improvement in policy publication, header implementation, and compliance documentation.

Strategic Recommendations

Priority Actions for Security Improvement

1

Publish comprehensive privacy and cookie policies including user consent mechanisms to improve compliance and user trust.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

北京木屋时代科技有限公司

Description:

蔬东坡提供专业的生鲜供应链SaaS解决方案,包括生鲜配送系统、蔬菜配送软件、食材配送软件等,为超过10000家生鲜配送企业提供数智服务

Key Services:
生鲜配送系统蔬菜配送软件食材配送软件智能硬件生态云平台
Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:
Vue.jsNuxt.jsElement UIBaidu AnalyticsBaidu Site Verification Script
Frameworks:
Nuxt.jsVue.js
Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:
70/100
Best Practices:
  • HTTPS enforced (implied by canonical link https)
  • No exposed sensitive data in HTML

Analytics & Tracking

Services:
Baidu Analytics
Tracking Level:moderate
Privacy Compliance:poor

Advertising & Marketing

Tracking Pixels:
Baidu Analytics
Marketing Tools:
Baidu Site Verification
Transparency Level:basic

Website Quality Assessment

Design Quality:excellent
User Experience:good
Content Relevance:excellent
Navigation Clarity:good
Professionalism:excellent
Trustworthiness:high

Key Observations

1

Website is fully accessible with rich content and multimedia

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

30/100
Score

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

50/100
Score

No Privacy Policy found

HIGH

GDPR requires a clear and accessible privacy policy

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

GDPR Compliance Analysis

Privacy Policy0% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

17/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

60/100
Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

No email authentication configured

CRITICAL

Domain is vulnerable to email spoofing

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

67/100
Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

OCSP Stapling Not Enabled

LOW

OCSP stapling improves performance and privacy

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

Mixed Content Detected

MEDIUM

9 resources loaded over insecure HTTP

Partial SSL/TLS Assessment

LOW

Completed 3 of 4 security checks due to time constraints

Protocol Support

TLSv1.3TLSv1.2TLSv1.1

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

75/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

No DMARC Record

MEDIUM

DMARC policy not configured

DNS Records

A Records:8.146.200.147, 8.140.249.33
Name Servers:
vip3.alidns.comDNS only
vip4.alidns.comDNS only
SOA:Serial: 2025073015, TTL: 600s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:100ms

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is developed using modern front-end technologies including Vue.js and Nuxt.js frameworks, leveraging Element UI components for UI consistency. It integrates Baidu analytics for user tracking and Baidu site verification scripts for SEO and site ownership validation. The site is mobile-optimized with a redirect script to mobile subdomains. Performance is moderate, with preloading and module preloading techniques used for scripts and styles. No CMS was detected, indicating a custom or framework-based build. Hosting provider details are not evident from the HTML. The site uses HTTPS with canonical URLs properly set. Some technical debt is noted in the absence of security headers and privacy compliance features. Overall, the technical infrastructure supports a professional and scalable web presence.
Analyze Another Website