Is youzan.com a Scam? Security Check Results - 有赞 Reviews

Is youzan.com Safe? Security Analysis for 有赞

Check if youzan.com is a scam or legitimate. Free security scan and reviews.

Technology, China, large
React (implied by _next/static chunks), Next.js, CSS Modules, JavaScript ES6+, Baidu Analytics, +2 more
Analyzed 8/2/2025, completed 8:04:51 AM
Security Score: 71 (MEDIUM RISK)

AI Summary

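有赞 is a leading technology company focused on intelligent CRM management systems and marketing automation solutions, primarily serving retail brands, salespeople and store operators. Its business spans public-domain customer acquisition, private-domain repeat purchases, store efficiency improvement and intelligent upgrades, with more than 55,000 brand customers and the support of over 2 million salespeople. The website has rich content, a professional design and a modern technical architecture, supports mobile optimization, and offers a good overall user experience. On security, 有赞 displays multiple industry certifications and security qualifications, uses HTTPS encryption, and designs its forms in line with privacy policy requirements, reflecting a relatively high level of security maturity. Although WHOIS information is missing, the site's business credibility and professionalism remain high, and it is suitable for its target customer groups.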

Detected Technologies

React (implied by _next/static chunks), Next.js, CSS Modules, JavaScript ES6+, Baidu Analytics, Microsoft Clarity, Various marketing and tracking scripts

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

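有赞 holds an important market position in China's new retail and social e-commerce sectors, offering a diverse range of SaaS products and solutions covering CRM, marketing automation, store management, distribution and live-stream e-commerce. Its business model is based on empowering brands and salespeople to improve customer relationship management and sales conversion. Through partners and subsidiaries such as a new-retail platform and a cross-border e-commerce platform, it has built a broad ecosystem. The website's content emphasizes industry case studies and customer success, showing strong market competitiveness and customer trust. Its marketing and advertising practices are transparent, combining tools such as Baidu Ads and Microsoft Clarity for data analysis and user behavior tracking.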

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (2)

i*****@youzan.com
b*****@youzan.com

Phone Numbers (1)

057*******

Security Posture Analysis

Comprehensive Security Assessment

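The website uses HTTPS with a good SSL configuration and displays multiple security certifications, including ISO 27001, Information Security Classified Protection Level 3 (信息安全等级保护三级) and PCI DSS, indicating a relatively high level of information security management. All website forms link to the privacy policy and user agreement, showing compliance awareness. No obvious security vulnerabilities or sensitive information leaks were found. Adding security response contact details and a vulnerability disclosure mechanism is recommended to improve security transparency. Explicit security HTTP headers are missing; adding them is recommended to strengthen protection.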

Strategic Recommendations

Priority Actions for Security Improvement

1. Establish and publish channels for security incident response and vulnerability disclosure to improve security transparency.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

有赞

Description:

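Customer relationship management (CRM) helps retail brands manage customer relationships, using marketing automation software and intelligent operations systems to increase sales and profit margins. 有赞 helps 600,000+ brands, empowers 2.28 million salespeople and shopping guides, and manages 560 million customer relationships online. Free trial of the omnichannel CRM management system.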

Key Services:
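Intelligent CRM management system, marketing automation solutions, store management system, private-domain customer operations, intelligent shopping-guide system, distribution platform, live-stream e-commerce solutions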
Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:
React (implied by _next/static chunks), Next.js, CSS Modules, JavaScript ES6+, Baidu Analytics, Microsoft Clarity, Various marketing and tracking scripts
Frameworks:
Next.js
Platforms:
Web
Performance:

fast

Mobile:

excellent

Accessibility:

good

SEO:

good

Security Assessment

Security Score:
90/100
Best Practices:
  • HTTPS enforced
  • Secure forms with privacy policy and user agreement links
  • Use of recognized security certifications
  • No exposed sensitive data found in HTML

Analytics & Tracking

Services:
Baidu Analytics, Microsoft Clarity
Tracking Level: moderate
Privacy Compliance: good

Advertising & Marketing

Ad Networks:
Baidu Ads
Tracking Pixels:
Microsoft Clarity, Baidu Analytics
Marketing Tools:
有赞 ad placement (有赞广告投放)
Transparency Level: good

Website Quality Assessment

Design Quality: excellent
User Experience: excellent
Content Relevance: excellent
Navigation Clarity: excellent
Professionalism: excellent
Trustworthiness: high

Key Observations

1. Website is fully accessible with rich content and professional design.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Score: 65/100

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

Score: 50/100

No Privacy Policy found

HIGH

GDPR requires a clear and accessible privacy policy

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

GDPR Compliance Analysis

Privacy Policy: 0% confidence
Cookie Policy: 0% confidence
Contact Information Found: 90% confidence (email, phone)

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

Score: 17/100

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Score: 72/100

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

  • SPF: Sender Policy Framework
  • DKIM: DomainKeys Identified Mail
  • DMARC: Domain-based Message Authentication
  • MX Records: Mail Exchange Records
  • BIMI: Brand Indicators
  • MTA-STS: Mail Transfer Agent Security
  • TLS-RPT: TLS Reporting
  • DNSSEC: DNS Security

SPF Details
Record: v=spf1 include:spf.mail.qq.com -all
DNS Lookups: 1/10
Policy: -all

DMARC Details
Policy: quarantine
Aggregate Reports: mailauth-reports@qq.com

🏆SSL/TLS Security

Certificate validity and encryption analysis.

Score: 90/100

Mixed Content Detected

MEDIUM

4 resources loaded over insecure HTTP

Partial SSL/TLS Assessment

LOW

Completed 2 of 4 security checks due to time constraints

Certificate Details

Subject: *.youzan.com
Issuer: sslTrus (RSA) OV CA
Valid Until: 12/6/2025 (126 days)
SANs: *.youzan.com, youzan.com

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

Score: 85/100

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

Domain Registration Details

Domain Age: 17 years (mature)
Expiry Risk: none (1667 days)
Protection Level: moderate, DNSSEC OFF

DNS Records

A Records: 106.75.121.230, 140.143.255.205
Name Servers:
ns3.dnsv5.com
ns4.dnsv5.com
MX Records:
5: mxbiz1.qq.com
10: mxbiz2.qq.com

DNSSEC Status

DNSSEC Not Enabled

SPF Analysis

SPF Record:
v=spf1 include:spf.mail.qq.com -all

Network Security

Port scanning and network exposure analysis.

Score: 100/100

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Comprehensive security assessment findings

Additional Findings

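The website is built on the Next.js framework with a modern front-end technology stack, and supports responsive design and mobile optimization. It loads quickly, has good SEO optimization and a clear structure. Baidu Analytics (百度统计) and Microsoft Clarity are integrated for user behavior analysis. No traditional CMS was detected; it may be a custom-developed platform. The technical architecture is modern and stable, suitable for supporting large-scale user traffic and complex business needs. Continued attention to performance monitoring and security updates is recommended to ensure long-term stable operation.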