Skip to main content

Is uprimer.net a Scam? Security Check Results - 上海汇付锦翰信息技术有限公司 Reviews

uprimer.net favicon

Is uprimer.net Safe? Security Analysis for 上海汇付锦翰信息技术有限公司

https://uprimer.net

Check if uprimer.net is a scam or legitimate. Free security scan and reviews.

FinanceChinalarge
JavaScriptVue.js (implied by Nuxt.js usage)Nuxt.jsGoogle Tag ManagerBing Ads+2 more
Analyzed 8/2/2025Completed 4:09:01 PM
54
Security Score
MEDIUM RISK

AI Summary

汇付国际官网为上海汇付锦翰信息技术有限公司提供跨境支付及增值服务,专注于跨境电商支付解决方案,支持境内外企业的全球市场拓展。网站采用现代技术栈Nuxt.js,托管于阿里云,技术实现较为成熟,具备良好的移动端优化和SEO表现。安全方面,网站启用HTTPS,但缺少部分安全头和DNSSEC,且未公开隐私及Cookie政策,存在一定合规风险。整体业务信息清晰,合作伙伴关系明确,体现较高的商业可信度。

Detected Technologies

JavaScriptVue.js (implied by Nuxt.js usage)Nuxt.jsGoogle Tag ManagerBing AdsBaidu AnalyticsQiyu Customer Service Script

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

汇付国际定位为跨境支付行业的重要参与者,拥有广泛的服务产品线和行业奖项,合作伙伴包括Airwallex和iPayLinks等知名金融科技企业。其业务模式基于金融科技解决方案,服务对象主要为跨境电商企业,市场覆盖全球多个国家和地区。公司成立于2016年,隶属于汇付天下集团,具备较强的行业影响力和客户基础。网站内容专业,品牌形象一致,体现出较强的市场竞争力和成长潜力。

Extracted Contact Information

Marketing Intelligence Data

Phone Numbers (1)

021*******

Security Posture Analysis

Comprehensive Security Assessment

网站安全措施包括HTTPS加密和部分安全认证,但缺少公开的安全政策和事件响应渠道,DNSSEC未启用,安全头信息缺失,存在提升空间。未发现明显漏洞或敏感信息泄露,使用的第三方脚本较多,需关注潜在的隐私和安全风险。整体安全成熟度中等,建议加强合规披露和安全防护措施以提升客户信任。

Strategic Recommendations

Priority Actions for Security Improvement

1

发布并公开隐私政策和Cookie政策,明确GDPR及相关法规合规措施。

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

上海汇付锦翰信息技术有限公司

Description:

汇付国际是一站式跨境支付和增值服务提供商,提供专业高效的跨境电商支付解决方案,帮助境内企业拓展全球市场,支持境外企业参与中国市场,积极响应“支付出海”政策,拓展海外业务。

Key Services:
平台收款外贸收款快速结汇全球收单海外购虚拟信用卡
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
JavaScriptVue.js (implied by Nuxt.js usage)Nuxt.jsGoogle Tag ManagerBing AdsBaidu AnalyticsQiyu Customer Service Script
Frameworks:
Nuxt.js
Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:
70/100
Best Practices:
  • HTTPS enforced
  • No exposed sensitive data in HTML
  • Use of third-party security and analytics scripts

Analytics & Tracking

Services:
Baidu AnalyticsGoogle Tag ManagerBing Ads
Tracking Level:moderate
Privacy Compliance:poor

Advertising & Marketing

Ad Networks:
Bing Ads
Tracking Pixels:
Baidu AnalyticsBing Ads
Marketing Tools:
Bing AdsBaidu Analytics
Transparency Level:basic

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:good
Navigation Clarity:good
Professionalism:good
Trustworthiness:high

Key Observations

1

Website is fully accessible with no blocking or WAF challenges.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

15/100
Score

Missing Strict-Transport-Security header

HIGH

Forces HTTPS connections

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

35/100
Score

No Privacy Policy found

HIGH

GDPR requires a clear and accessible privacy policy

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

Third-party services without privacy policy

HIGH

Detected services: Google Analytics

GDPR Compliance Analysis

Privacy Policy0% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

2/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

Critical sector without clear security compliance

HIGH

Detected sectors: transport, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

60/100
Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

No email authentication configured

CRITICAL

Domain is vulnerable to email spoofing

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

72/100
Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

OCSP Stapling Not Enabled

LOW

OCSP stapling improves performance and privacy

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 69 days

Partial SSL/TLS Assessment

LOW

Completed 3 of 4 security checks due to time constraints

Protocol Support

TLSv1.3TLSv1.2TLSv1.1

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

75/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

No DMARC Record

MEDIUM

DMARC policy not configured

DNS Records

A Records:101.133.158.196
Name Servers:
dns17.hichina.comDNS only
dns18.hichina.comDNS only
SOA:Serial: 2025032613, TTL: 600s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:47ms

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

网站基于Nuxt.js框架,采用服务端渲染技术,提升SEO和性能表现。托管于阿里云,域名注册信息正规。页面设计现代,响应式良好,支持移动设备访问。使用多种第三方分析和营销工具,缺少部分安全配置和隐私合规措施。整体技术架构稳健,但存在安全和合规方面的改进空间。
Analyze Another Website