What is the security status of xzstar.com?

xzstar.com has a security score of 45/100, rated as Potentially Unsafe. The website may have security concerns that should be addressed.

Is xzstar.com safe to use?

Our security scan shows xzstar.com is Potentially Unsafe. SSL security issues detected. Always practice safe browsing habits.

Does xzstar.com have viruses?

Our comprehensive security scan analyzes multiple security factors. Based on the overall security score of 45/100, the website is rated as Potentially Unsafe. However, websites can change over time, so always use updated security software.

What is xzstar.com's trust score?

xzstar.com has a security score of 45/100. This score is based on multiple factors including SSL security, security headers, DNS health, and compliance checks.

Is xzstar.com Safe? Security Analysis for 花卉苗木养殖知识大全 - 星百科

https://xzstar.com

Check if xzstar.com is a scam or legitimate. Free security scan and reviews.

OtherChinasmall

jQuery 3.5.1CSSJavaScript

Analyzed 8/3/2025Completed 5:23:50 PM

Security Score

HIGH RISK

AI Summary

The website '花卉苗木养殖知识大全 - 星百科' is a Chinese-language content platform dedicated to sharing comprehensive knowledge about flower and plant cultivation, care techniques, and pest control. It targets gardening enthusiasts and the general public interested in horticulture. The business model is primarily content publishing with a niche focus on horticulture. The site is powered by Emlog Pro CMS and hosted by Alibaba Cloud in China, reflecting a mature domain established in 2008. Technically, the site uses standard web technologies including jQuery and CSS, with moderate performance and good mobile optimization. However, it lacks advanced security headers and DNSSEC, which are recommended for improved security posture. No privacy, cookie, or terms of service policies are present, indicating gaps in compliance. Contact information and incident response details are absent, limiting user trust and support avenues. Overall, the site is functional and content-rich but would benefit from enhanced security and privacy practices.

Detected Technologies

jQuery 3.5.1CSSJavaScript

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

The website occupies a niche market in horticulture knowledge dissemination, focusing on flower and plant care. It leverages content marketing to attract gardening enthusiasts and likely generates value through informational content rather than direct sales. The presence of partner links to landscaping, formaldehyde removal, plant leasing, and seedling wholesale companies suggests a modest partnership ecosystem. The domain's long age supports credibility, but the absence of direct company information and contact details limits transparency. The business appears small-scale and content-driven, with opportunities to expand through clearer business identity and enhanced user engagement.

Security Posture Analysis

Comprehensive Security Assessment

The website employs HTTPS, ensuring encrypted communication, but lacks DNSSEC and important security headers such as Content-Security-Policy and Strict-Transport-Security. No evidence of vulnerable libraries was found, but the absence of privacy and cookie policies indicates compliance gaps. The site does not provide incident response contacts or security policies, which are critical for handling security events. Overall, the security posture is basic and would benefit from implementing recommended security headers, DNSSEC, and formal privacy and incident response documentation to improve trust and resilience.

Strategic Recommendations

Priority Actions for Security Improvement

Enable DNSSEC to secure DNS queries and prevent spoofing.

✨Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Description:

星百科专注分享最新花卉苗木资讯，各种花卉苗木养殖方法及注意事项，分享养花技巧、病虫害防治诊疗知识分享等。

Key Services:

horticulture knowledge articlesplant care tipsdisease and pest control information

Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:

jQuery 3.5.1CSSJavaScript

Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

basic

Security Assessment

Security Score:

60/100

Best Practices:

HTTPS enabled

Analytics & Tracking

Tracking Level:minimal

Privacy Compliance:poor

Advertising & Marketing

Transparency Level:poor

Website Quality Assessment

Design Quality:good

User Experience:good

Content Relevance:good

Navigation Clarity:good

Professionalism:good

Trustworthiness:moderate

Key Observations

Website is a Chinese horticulture knowledge base focused on flower and plant cultivation.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

15/100

Score

Critical sector without clear security compliance

HIGH

Detected sectors: energy, transport, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

60/100

Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

No email authentication configured

CRITICAL

Domain is vulnerable to email spoofing

SPF

Sender Policy Framework

DKIM

DomainKeys Identified Mail

DMARC

Domain-based Message Authentication

MX Records

Mail Exchange Records

BIMI

Brand Indicators

MTA-STS

Mail Transfer Agent Security

TLS-RPT

TLS Reporting

DNSSEC

DNS Security

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

85/100

Score

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 79 days

Mixed Content Detected

MEDIUM

1 resources loaded over insecure HTTP

Partial SSL/TLS Assessment

LOW

Completed 2 of 4 security checks due to time constraints

Certificate Details

Subject:www.xzstar.com

Issuer:Encryption Everywhere DV TLS CA - G2

Valid Until:10/21/2025 (79 days)

SANs:www.xzstar.com, xzstar.com

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

75/100

Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

No DMARC Record

MEDIUM

DMARC policy not configured

DNS Records

A Records:139.224.83.112

Name Servers:

dns17.hichina.comDNS only

dns18.hichina.comDNS only

SOA:Serial: 2025032613, TTL: 600s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:344ms

⚡Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

0/100

Score

Critical Service Exposed: RDP

CRITICAL

Port 3389 (RDP) is publicly accessible - RDP - Remote Desktop, prime ransomware target

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website uses a traditional web stack with jQuery 3.5.1 and CSS, running on Emlog Pro CMS. Hosting is provided by Alibaba Cloud, a reputable provider. The site is mobile-optimized with good navigation and content structure. Performance is moderate, with no major errors detected. However, the lack of modern frameworks or advanced SEO and accessibility features suggests room for modernization. The absence of analytics or tracking scripts indicates minimal user tracking, which aligns with privacy considerations but may limit marketing insights.

Analyze Another Website

Is xzstar.com a Scam? Security Check Results - xzstar.com Reviews

Is xzstar.com Safe? Security Analysis for 花卉苗木养殖知识大全 - 星百科

AI Summary

Detected Technologies

🧠AI Business Intelligence

Business Intelligence

Security Posture Analysis

Strategic Recommendations

✨Observations

AI-Enhanced Website Analysis

Business Insights

Technical Stack

Security Assessment

Analytics & Tracking

Advertising & Marketing

Website Quality Assessment

Key Observations

🛡️Security Headers

Security Headers

Missing Strict-Transport-Security header

Missing X-Frame-Options header

Missing X-Content-Type-Options header

Missing Content-Security-Policy header

Missing X-XSS-Protection header

Missing Referrer-Policy header

Missing Permissions-Policy header

Sensitive data may be cached

👤GDPR Compliance

GDPR Compliance

No Privacy Policy found

No Cookie Policy found

No Cookie Consent Banner found

GDPR Compliance Analysis

🛡️NIS2 Compliance

NIS2 Compliance

No information security framework found

No vulnerability disclosure policy

No security policy documentation found

No incident response procedures found

No business continuity planning found

No security contact information

No vulnerability reporting mechanism

No NIS2 reference found

Critical sector without clear security compliance

📧Email Security

Email Security

No DKIM record found

No BIMI Record

No MTA-STS Policy

No TLS-RPT Record

No email authentication configured

🏆SSL/TLS Security

SSL/TLS Security

SSL Certificate Expires Within 90 Days

Mixed Content Detected

Partial SSL/TLS Assessment

Certificate Details

OCSP Status

📊DNS Health

DNS Health

DNSSEC Not Enabled

CAA Records Not Configured

No DMARC Record

DNS Records

DNSSEC Status

DNS Performance

⚡Network Security

Network Security

Critical Service Exposed: RDP

🔧Technical Analysis

Technical Analysis

Additional Findings

Related Partner Domains

www.ghyl888.com

www.cscjq.cn

www.zhongshuyy.com

www.maomihuahui.com