Skip to main content

Is blockpi.io a Scam? Security Check Results - BlockPI Reviews

B

Is blockpi.io Safe? Security Analysis for BlockPI

https://blockpi.io

Check if blockpi.io is a scam or legitimate. Free security scan and reviews.

TechnologyN/amedium
Vue.js (Nuxt.js)Cloudflare DNSModern CSS and JS modules
Analyzed 9/6/2025Completed 6:39:41 AM
60
Security Score
MEDIUM RISK

AI Summary

BlockPI is a technology company specializing in providing global distributed blockchain API services and infrastructure for Web3 developers. Founded in 2021, it offers a robust multichain RPC infrastructure, dedicated node services, validator and AVS operator services, and account abstraction infrastructure. The company has established a strong market presence with over 1000 high-performance nodes deployed globally and partnerships with more than 200 Web3 projects. Technically, the website is built on modern frameworks such as Nuxt.js and uses Cloudflare DNS services, delivering fast performance and excellent mobile optimization. Security posture is good with HTTPS enforced and clientTransferProhibited domain status, though DNSSEC is not enabled and explicit security policies are not published. Privacy compliance is weak due to the absence of visible privacy and cookie policies. Overall, the website is professional, trustworthy, and well-positioned in the Web3 infrastructure market.

Detected Technologies

Vue.js (Nuxt.js)Cloudflare DNSModern CSS and JS modules

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

BlockPI operates in the blockchain technology sector, targeting Web3 developers and enterprises requiring scalable and reliable RPC services. Its business model includes tiered pricing plans and dedicated node deployments, catering to a range of developer needs from retail to enterprise. The company leverages a broad partnership ecosystem with notable Web3 projects and infrastructure providers, enhancing its market credibility. Growth indicators include high monthly request volumes and extensive node deployment. The company emphasizes cost-effectiveness, flexibility in payment methods, and user-friendly dashboards, positioning itself competitively in the blockchain infrastructure market.

Security Posture Analysis

Comprehensive Security Assessment

The security maturity of BlockPI is moderate to good. The website enforces HTTPS and uses clientTransferProhibited status to protect domain transfers. However, DNSSEC is not enabled, which could enhance DNS security. No explicit security policies or incident response contacts are published on the website, which is a gap in transparency and readiness. No vulnerabilities or exposed sensitive data were detected in the HTML content. The absence of visible security headers like CSP or X-Frame-Options is noted but may be implemented at the server level. Incident response and vulnerability disclosure mechanisms are not evident, suggesting room for improvement in security governance and communication.

Strategic Recommendations

Priority Actions for Security Improvement

1

Enable DNSSEC to improve domain name system security and prevent DNS spoofing.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

BlockPI

Description:

BlockPI is a global distributed blockchain API service network providing fast, scalable, robust multichain RPC infrastructure for Web3 developers. It offers reliable global distributed blockchain infrastructure, dedicated node services, node and validator services, and account abstraction infrastructure services.

Key Services:
Multichain RPC servicesDedicated node servicesValidator and AVS operator servicesAccount abstraction infrastructureReal-time RPC usage dashboard
Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:
Vue.js (Nuxt.js)Cloudflare DNSModern CSS and JS modules
Frameworks:
Nuxt.js
Performance:

fast

Mobile:

excellent

Accessibility:

good

SEO:

good

Security Assessment

Security Score:
80/100
Best Practices:
  • HTTPS enforced
  • ClientTransferProhibited domain status
  • No exposed sensitive data in HTML

Analytics & Tracking

Tracking Level:minimal
Privacy Compliance:poor

Advertising & Marketing

Transparency Level:poor

Website Quality Assessment

Design Quality:excellent
User Experience:excellent
Content Relevance:excellent
Navigation Clarity:excellent
Professionalism:excellent
Trustworthiness:high

Key Observations

1

Website is fully accessible with no blocking or WAF challenges.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

30/100
Score

Missing Strict-Transport-Security header

HIGH

Forces HTTPS connections

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

58/100
Score

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

Privacy policy may not be GDPR compliant

MEDIUM

Privacy policy lacks explicit GDPR compliance elements

GDPR Compliance Analysis

Privacy Policy85% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

48/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No security contact information

HIGH

NIS2 requires clear incident reporting channels

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

82/100
Score

Complex SPF record

LOW

Too many include statements can cause lookup limits

Strict DMARC Alignment

LOW

Strict alignment may cause legitimate emails to fail

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security
SPF Details
Record:
v=spf1 include:_spf.google.com include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com include:stspg-customer.com -all
DKIM Selectors Found
Selector:k20
Selector:mail0
DMARC Details
Policy:reject
Subdomain Policy:reject
Aggregate Reports:service@blockpi.io

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

0/100
Score

Unable to retrieve SSL certificate

CRITICAL

Could not establish secure connection to retrieve certificate information

Mixed Content Detected

MEDIUM

1 resources loaded over insecure HTTP

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

80/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

Domain Delete Lock Not Enabled

LOW

Domain can be deleted without additional verification

Domain Registration Details

Domain Age
4 years(established)
Expiry Risk
low(178 days)
Protection Level
basicDNSSEC OFF
Suspicious Indicators Detected
  • Privacy/proxy registration detected

DNS Records

A Records:104.18.31.117, 104.18.30.117
AAAA Records:2606:4700::6812:1e75, 2606:4700::6812:1f75
Name Servers:
aurora.ns.cloudflare.com
cullen.ns.cloudflare.com
MX Records:
1: aspmx.l.google.com
10: alt3.aspmx.l.google.com
10: alt4.aspmx.l.google.com
5: alt1.aspmx.l.google.com
5: alt2.aspmx.l.google.com

DNSSEC Status

DNSSEC Not Enabled

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built using modern web technologies, primarily Nuxt.js (Vue.js framework), with modular JavaScript and CSS assets. Hosting and DNS are managed via Cloudflare, providing performance and security benefits. The site demonstrates fast loading times, excellent mobile responsiveness, and good SEO practices with proper meta tags and Open Graph data. The technical infrastructure supports a scalable and reliable Web3 API service platform. There is no evidence of legacy or vulnerable libraries in the provided HTML. The domain registration is privacy protected but consistent with a legitimate startup profile. Overall, the technical implementation supports the business goals effectively with minor areas for security enhancement.
Analyze Another Website