Skip to main content

Is solidextend.com a Scam? Security Check Results - 北京硕迪制信科技有限公司 Reviews

solidextend.com favicon

Is solidextend.com Safe? Security Analysis for 北京硕迪制信科技有限公司

https://solidextend.com

Check if solidextend.com is a scam or legitimate. Free security scan and reviews.

TechnologyChinamedium
jQuerySlick CarouselCKPlayerGoogle Analytics (gtag.js)Baidu Analytics
Analyzed 9/4/2025Completed 6:42:35 PM
38
Security Score
HIGH RISK

AI Summary

北京硕迪制信科技有限公司 operates as an authorized reseller and service provider for Dassault Systèmes software products including SOLIDWORKS, 3DEXPERIENCE cloud platform, Abaqus finite element analysis, and CST electromagnetic simulation software. The company targets manufacturing and engineering sectors in China, offering software sales, technical consulting, training, and digital services. Their website is professionally designed, mobile-optimized, and provides comprehensive product and service information, including contact channels and online forms. Technically, the site uses common web technologies such as jQuery, Slick Carousel, CKPlayer, and integrates Google and Baidu analytics for user tracking. However, the absence of privacy and cookie policies and lack of security headers indicate areas for compliance and security improvement. The WHOIS data for the domain is missing or the domain appears unregistered, which raises concerns about domain legitimacy despite the professional web presence.

Detected Technologies

jQuerySlick CarouselCKPlayerGoogle Analytics (gtag.js)Baidu Analytics

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

The company positions itself as a key authorized reseller for Dassault Systèmes products in China, focusing on providing legitimate software licenses, training, and technical support. Their business model revolves around software sales and value-added services to manufacturing enterprises. The website content and offerings suggest a medium-sized enterprise with a solid market presence in the engineering software sector. The lack of WHOIS data may indicate recent domain registration or privacy protection, which should be clarified to enhance trust. The company leverages analytics and marketing tools to engage customers but lacks explicit privacy compliance documentation.

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (1)

s*****@shuodizhixin.com

Phone Numbers (3)

400*******
010*******
861*******

Security Posture Analysis

Comprehensive Security Assessment

The website employs HTTPS and avoids exposing sensitive data in its HTML content, which is positive. However, no security headers such as Content Security Policy, HSTS, or X-Frame-Options were detected, which are recommended best practices to mitigate common web attacks. The forms present on the site collect user data but there is no visible indication of secure handling or privacy compliance. The absence of a privacy policy and cookie consent mechanism is a compliance gap, especially under GDPR and similar regulations. No known vulnerabilities or malicious content were detected, but the missing WHOIS data and lack of security policies reduce overall security confidence.

Strategic Recommendations

Priority Actions for Security Improvement

1

Implement and publish comprehensive privacy and cookie policies to comply with data protection regulations.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

北京硕迪制信科技有限公司

Description:

北京硕迪科技是达索授权SOLIDWORKS正版软件官方代理商,提供正版软件价格、培训认证、免费试用等代理经销服务。硕迪科技也是达索3DEXPERIENCE云平台、Abaqus有限元分析、CST电磁正版软件的经销商,提供软件最新版本费用、买断和一年租赁价格查询及技术咨询专业服务。

Key Services:
SOLIDWORKS正版软件代理3DEXPERIENCE云平台经销Abaqus有限元分析软件销售CST电磁仿真软件销售专业培训与技术支持数字化服务与外包工程
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
jQuerySlick CarouselCKPlayerGoogle Analytics (gtag.js)Baidu Analytics
Platforms:
Web (desktop and mobile)
Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:
70/100
Best Practices:
  • HTTPS usage (implied by https URLs)
  • No exposed sensitive data in HTML

Analytics & Tracking

Services:
Google AnalyticsBaidu Analytics
Tracking Level:moderate
Privacy Compliance:basic

Advertising & Marketing

Tracking Pixels:
Baidu Analytics
Transparency Level:basic

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:good
Navigation Clarity:good
Professionalism:good
Trustworthiness:high

Key Observations

1

Website is fully accessible with rich content in Chinese language.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

15/100
Score

Missing Strict-Transport-Security header

HIGH

Forces HTTPS connections

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

35/100
Score

No Privacy Policy found

HIGH

GDPR requires a clear and accessible privacy policy

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

Third-party services without privacy policy

HIGH

Detected services: Google Analytics

GDPR Compliance Analysis

Privacy Policy0% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
emailphone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

2/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

Critical sector without clear security compliance

HIGH

Detected sectors: transport, health, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

60/100
Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

No email authentication configured

CRITICAL

Domain is vulnerable to email spoofing

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

62/100
Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

OCSP Stapling Not Enabled

LOW

OCSP stapling improves performance and privacy

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 32 days

Mixed Content Detected

MEDIUM

4 resources loaded over insecure HTTP

Partial SSL/TLS Assessment

LOW

Completed 3 of 4 security checks due to time constraints

Protocol Support

TLSv1.3TLSv1.2TLSv1.1

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

60/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

Domain Transfer Lock Not Enabled

MEDIUM

Domain can be transferred without authorization

Domain Delete Lock Not Enabled

LOW

Domain can be deleted without additional verification

No DMARC Record

MEDIUM

DMARC policy not configured

Domain Registration Details

Domain Age
4 years(established)
Expiry Risk
none(615 days)
Protection Level
noneDNSSEC OFF
Suspicious Indicators Detected
  • No domain protection locks enabled

DNS Records

A Records:8.144.171.117
Name Servers:
dns23.hichina.com
dns24.hichina.com
SOA:Serial: 2025042413, TTL: 600s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:385ms

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

0/100
Score

High-Risk Service Exposed: FTP

HIGH

Port 21 (FTP) is publicly accessible - FTP - Often unencrypted file transfer

Critical Service Exposed: MSSQL

CRITICAL

Port 1433 (MSSQL) is publicly accessible - MSSQL - Database server

Critical Service Exposed: MySQL

CRITICAL

Port 3306 (MySQL) is publicly accessible - MySQL - Database server

Critical Service Exposed: RDP

CRITICAL

Port 3389 (RDP) is publicly accessible - RDP - Remote Desktop, prime ransomware target

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website uses a standard modern web technology stack including jQuery, Slick Carousel for sliders, and CKPlayer for video playback. It integrates Google Tag Manager and Baidu Analytics for tracking user behavior. The site is mobile-optimized with responsive design and includes structured data (JSON-LD) for SEO enhancement. Performance appears moderate with no major issues detected. However, no CMS or hosting provider information was identified. The site could benefit from improved security configurations and enhanced privacy compliance features to reduce technical debt and regulatory risk.
Analyze Another Website