Skip to main content

Is tianqi.com a Scam? Security Check Results - 天气网 Reviews

Is tianqi.com Safe? Security Analysis for 天气网

https://tianqi.com

Check if tianqi.com is a scam or legitimate. Free security scan and reviews.

OtherChinalarge
jQuery 1.8.2EChartsBaidu AnalyticsBaidu Link SubmitJavaScript+2 more
Analyzed 8/4/2025Completed 3:54:56 AM
57
Security Score
MEDIUM RISK

AI Summary

天气网 is a large Chinese weather information portal providing comprehensive weather forecasts, historical weather data, air quality indices, weather news, and lifestyle content primarily targeting Chinese-speaking users. The website is professionally designed with good navigation and content relevance, serving as a trusted source for weather-related information in China. Technically, the site uses established JavaScript libraries such as jQuery and ECharts, integrates Baidu analytics, and enforces HTTPS, indicating a moderate level of digital maturity. However, mobile optimization and accessibility are basic and could be improved. Security posture is adequate with HTTPS but lacks visible security headers and explicit privacy and cookie policies, which are areas for enhancement. The WHOIS data is missing, which raises some legitimacy concerns, but official ICP and public security filings support the site's authenticity. Overall, the site is functional, trustworthy, and serves its business purpose well.

Detected Technologies

jQuery 1.8.2EChartsBaidu AnalyticsBaidu Link SubmitJavaScriptHTML5CSS

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

The website operates in the information services sector, focusing on weather data and related lifestyle content. It targets a broad audience including general public and travelers in China. The business model appears to rely on advertising and providing value-added services such as weather widgets and plugins. The site maintains partnerships with various content and service providers as evidenced by numerous external links. The presence of official ICP license and public security备案 indicates compliance with Chinese regulatory requirements. The lack of detailed company registration information and WHOIS data limits deeper business intelligence insights. The site is positioned as a leading weather information provider in China with a large user base and extensive content offerings.

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (1)

k*****@tianqi.com

Security Posture Analysis

Comprehensive Security Assessment

The website enforces HTTPS, which is mandatory for secure communication. However, the absence of security headers such as Content Security Policy (CSP), X-Frame-Options, and HSTS reduces its defense-in-depth posture. No exposed sensitive data or vulnerable libraries were detected in the provided scripts. The site lacks explicit privacy and cookie policies and does not provide clear incident response or security contact information, which are gaps in compliance and security transparency. The use of third-party analytics (Baidu) introduces moderate user tracking. Overall, the security posture is moderate but could be significantly improved by implementing security headers, privacy compliance mechanisms, and incident response disclosures.

Strategic Recommendations

Priority Actions for Security Improvement

1

Implement comprehensive privacy and cookie policies with user consent mechanisms to enhance compliance and user trust.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

天气网

Description:

天气网提供全国及世界各大城市天气预报查询以及历史天气查询,实时天气查询,准确提供一周天气预报查询及未来天气预报15天,30天,40天,7天,10天,未来十五天天气查询,并且为用户提供生活指数、健康指数、旅游攻略、交通出行、空气质量指数,及各类天气预报和生活资讯。

Key Services:
weather forecastshistorical weather dataair quality indexweather newstravel and lifestyle contentweather widgets/plugins
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
jQuery 1.8.2EChartsBaidu AnalyticsBaidu Link SubmitJavaScriptHTML5CSS
Performance:

moderate

Mobile:

basic

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:
75/100
Best Practices:
  • HTTPS enforced
  • No visible sensitive data exposure
  • No vulnerable libraries detected in scripts

Analytics & Tracking

Services:
Baidu Analytics
Tracking Level:moderate
Privacy Compliance:basic

Advertising & Marketing

Tracking Pixels:
Baidu Analytics
Marketing Tools:
Baidu Link Submit
Transparency Level:basic

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:good
Navigation Clarity:good
Professionalism:good
Trustworthiness:high

Key Observations

1

Website provides comprehensive weather information for China and international cities.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

15/100
Score

Missing Strict-Transport-Security header

HIGH

Forces HTTPS connections

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

50/100
Score

No Privacy Policy found

HIGH

GDPR requires a clear and accessible privacy policy

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

GDPR Compliance Analysis

Privacy Policy0% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
emailphone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

2/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

Critical sector without clear security compliance

HIGH

Detected sectors: transport, banking, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

65/100
Score

No SPF record found

HIGH

SPF helps prevent email spoofing

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security
DMARC Details
Policy:none
MTA-STS Details

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

72/100
Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

Mixed Content Detected

MEDIUM

32 resources loaded over insecure HTTP

Partial SSL/TLS Assessment

LOW

Completed 3 of 4 security checks due to time constraints

Protocol Support

TLSv1.2TLSv1.3TLSv1.1

OCSP Status

OCSP Stapling Enabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

80/100
Score

No MX Records

LOW

Domain cannot receive email without MX records

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

Domain Registration Details

Domain Age
23 years(mature)
Expiry Risk
low(243 days)
Protection Level
moderateDNSSEC OFF

DNS Records

A Records:163.181.254.227
Name Servers:
f1g1ns1.dnspod.net
f1g1ns2.dnspod.net

DNSSEC Status

DNSSEC Enabled

DNS Performance

Resolution Time:475ms

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website uses a traditional tech stack with jQuery 1.8.2, ECharts for data visualization, and Baidu analytics for tracking. The HTML content is well-structured with proper meta tags for SEO. The site loads scripts from its own static domain and trusted third parties. Performance is moderate with some legacy libraries that could be updated. Mobile optimization is basic, and accessibility features are minimal. No CMS or hosting provider information was detected. The site uses HTTPS but lacks advanced security headers. Overall, the technical implementation is stable but could benefit from modernization and enhanced security controls.
Analyze Another Website