Skip to main content

Is wsszzx.com a Scam? Security Check Results - 惟世国际教育 Reviews

Is wsszzx.com Safe? Security Analysis for 惟世国际教育

https://wsszzx.com

Check if wsszzx.com is a scam or legitimate. Free security scan and reviews.

EducationChinamedium
jQuerySwiper.jsSweetAlert2Baidu AnalyticsGoogle Analytics+2 more
Analyzed 8/4/2025Completed 2:50:47 PM
38
Security Score
HIGH RISK

AI Summary

惟世国际教育是一家专注于国际课程辅导和留学考试培训的在线教育平台,提供包括A-level、IB、AP、IGCSE、OSSD等多种国际课程辅导服务。该平台面向全球中小学及高中阶段学生,致力于为学生提供一站式的课程辅导和考试培训,帮助学生实现从低龄国际课程到本科阶段的无缝衔接。网站内容丰富,课程介绍详细,辅以大量热门科目和考试辅导,体现出较强的专业性和市场定位。技术上,网站采用了多种现代前端技术和第三方分析工具,支持移动端良好,整体性能表现中等偏上。安全方面,网站启用了HTTPS,但缺少安全头部配置和隐私合规机制,且WHOIS信息缺失,存在一定的信任风险。建议加强安全头部配置,完善隐私政策和cookie同意机制,并核实域名注册信息以提升整体可信度。

Detected Technologies

jQuerySwiper.jsSweetAlert2Baidu AnalyticsGoogle AnalyticsFxiaoke Marketing Script53KF Customer Service Script

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

惟世国际教育在国际教育培训领域拥有较为明确的市场定位,专注于为国际课程学生提供个性化辅导和考试培训,拥有丰富的导师资源和多年教学经验。其业务模式以在线一对一辅导为主,结合多样化课程和考试辅导,满足不同学生需求。网站展示了较强的内容营销能力和用户互动设计,利用第三方营销和客服工具提升客户转化。缺乏公开的公司注册信息和WHOIS数据,可能影响潜在客户的信任。未来可通过加强品牌透明度和合规性,拓展合作伙伴关系,提升市场竞争力。

Extracted Contact Information

Marketing Intelligence Data

Phone Numbers (1)

131*******

Security Posture Analysis

Comprehensive Security Assessment

网站采用HTTPS保障数据传输安全,未发现明显的敏感信息泄露或漏洞。使用了多种第三方脚本进行数据分析和营销,但缺少安全头部(如CSP、HSTS等)配置,存在一定的安全隐患。未检测到隐私合规的cookie同意机制,可能存在合规风险。WHOIS信息缺失是一个重要的安全和信任隐患,建议尽快核实域名注册状态。整体安全成熟度中等,需加强安全策略和合规措施以降低潜在风险。

Strategic Recommendations

Priority Actions for Security Improvement

1

核实并公开域名注册信息,确保域名合法性和透明度

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

惟世国际教育

Description:

惟世国际教育是专注于A-level课程.IB课程.AP课程.IGCSE等国际课程辅导,为全球顶级中小学精英院校的学生提供选课指导以及课程补习服务,让学生从低龄国际课程到本科阶段的无缝衔接,提供一站式提升辅导方案。

Key Services:
A-level辅导IGCSE辅导IB辅导AP辅导OSSD辅导国际考试培训
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
jQuerySwiper.jsSweetAlert2Baidu AnalyticsGoogle AnalyticsFxiaoke Marketing Script53KF Customer Service Script
Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:
80/100
Best Practices:
  • HTTPS enabled
  • No exposed sensitive data in HTML
  • Use of secure external scripts

Analytics & Tracking

Services:
Baidu AnalyticsGoogle Analytics
Tracking Level:moderate
Privacy Compliance:basic

Advertising & Marketing

Tracking Pixels:
Baidu Analytics
Marketing Tools:
Fxiaoke Marketing Script53KF Customer Service
Transparency Level:basic

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:excellent
Navigation Clarity:good
Professionalism:good
Trustworthiness:moderate

Key Observations

1

Website is fully accessible with rich content and navigation

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

15/100
Score

Missing Strict-Transport-Security header

HIGH

Forces HTTPS connections

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

35/100
Score

No Privacy Policy found

HIGH

GDPR requires a clear and accessible privacy policy

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

Third-party services without privacy policy

HIGH

Detected services: Google Analytics

GDPR Compliance Analysis

Privacy Policy0% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

47/100
Score

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

60/100
Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

No email authentication configured

CRITICAL

Domain is vulnerable to email spoofing

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

0/100
Score

Unable to retrieve SSL certificate

CRITICAL

Could not establish secure connection to retrieve certificate information

Mixed Content Detected

MEDIUM

6 resources loaded over insecure HTTP

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

75/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

No DMARC Record

MEDIUM

DMARC policy not configured

DNS Records

A Records:8.142.104.40
Name Servers:
dns23.hichina.comDNS only
dns24.hichina.comDNS only
SOA:Serial: 2025042413, TTL: 600s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:381ms

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

0/100
Score

Service Exposed: SSH

MEDIUM

Port 22 (SSH) is publicly accessible - SSH - Secure but can be brute-forced

Critical Service Exposed: MySQL

CRITICAL

Port 3306 (MySQL) is publicly accessible - MySQL - Database server

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

网站采用了jQuery、Swiper.js、SweetAlert2等成熟的前端技术,结合百度和谷歌分析工具进行用户行为跟踪。图片资源托管于阿里云OSS,体现一定的云基础设施应用。页面设计响应式良好,适配移动端设备。SEO优化较为完善,包含关键词和描述元标签。缺少CMS信息,可能为定制开发。性能表现中等,部分动画和滑动效果可能影响加载速度。建议优化安全头部和隐私合规性,提升技术架构的安全性和合规性。
Analyze Another Website