Skip to main content

Is mantrascan.io a Scam? Security Check Results - MANTRA Reviews

mantrascan.io favicon

Is mantrascan.io Safe? Security Analysis for MANTRA

https://mantrascan.io

Check if mantrascan.io is a scam or legitimate. Free security scan and reviews.

TechnologyIcelandsmall
JavaScriptMixpanel analyticsReactTailwind CSSVite+1 more
Analyzed 9/5/2025Completed 8:09:55 PM
55
Security Score
MEDIUM RISK

AI Summary

MANTRAScan is a blockchain explorer dedicated to the MANTRA Chain, providing users with real-time data on transactions, blocks, and addresses. The website targets blockchain users, developers, and investors interested in the MANTRA ecosystem. It operates as a niche service within the blockchain technology sector, with a small-scale business model focused on data exploration services. The domain was registered recently in 2024, consistent with the launch of a new blockchain project. The website branding is consistent with the MANTRA project, and legal documents are hosted on a related domain, mantra.zone. Technically, the website employs modern JavaScript frameworks such as React and uses Mixpanel for analytics. It is hosted behind Cloudflare DNS services, ensuring good SSL configuration and moderate performance. The site is mobile-optimized and has basic accessibility and SEO features. However, the content is mostly placeholder or loading animations, indicating either early development or low traffic. From a security perspective, the site enforces HTTPS and has domain transfer protections but lacks DNSSEC and explicit security headers. There is no published security policy or incident response information, and no vulnerability disclosure program is evident. Tracking via Mixpanel is present, with a cookie consent mechanism implemented. Privacy policies and terms of service are available on the related mantra.zone domain. Overall, the website presents a moderate risk profile with no critical vulnerabilities detected but room for improvement in security best practices, transparency, and contact information availability. Strategic recommendations include enabling DNSSEC, publishing security and incident response policies, and improving contact and compliance disclosures.

Detected Technologies

JavaScriptMixpanel analyticsReactTailwind CSSViteCloudflare DNS

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

MANTRAScan operates as a specialized blockchain explorer for the MANTRA Chain, positioning itself as a key data service provider within the MANTRA ecosystem. Its competitive advantage lies in offering real-time blockchain data tailored to MANTRA users. The business model is service-oriented, focusing on blockchain data accessibility rather than direct revenue generation. The target customers are blockchain developers, investors, and users requiring transaction and block data. Growth indicators are limited due to the newness of the domain and minimal content. The partnership ecosystem includes the main MANTRA project domain (mantra.zone) and social media channels on Twitter (X), Discord, and Telegram. The company appears to be in an early stage with a small team and limited public business information.

Security Posture Analysis

Comprehensive Security Assessment

The security posture of MANTRAScan is moderate. The site uses HTTPS with a valid SSL certificate and Cloudflare DNS, which provides baseline security. However, the absence of DNSSEC and security headers such as Content-Security-Policy and X-Content-Type-Options reduces the defense-in-depth. No sensitive data exposure or vulnerable libraries were detected. The lack of published security policies, incident response contacts, and vulnerability disclosure programs indicates limited security transparency and preparedness. The cookie consent mechanism and privacy policy presence show some compliance awareness but GDPR compliance is not clearly demonstrated. Overall, the site is functional and secure enough for its purpose but would benefit from enhanced security controls and transparency.

Strategic Recommendations

Priority Actions for Security Improvement

1

Enable DNSSEC on the domain to improve DNS security and prevent spoofing.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

MANTRA

Description:

MANTRA Scan is the blockchain explorer for MANTRA Chain, providing real-time data on transactions, blocks, and addresses.

Key Services:
blockchain data explorationtransaction trackingblock and address information
Content Quality:

basic

Branding:

consistent

Technical Stack

Technologies:
JavaScriptMixpanel analyticsReactTailwind CSSViteCloudflare DNS
Frameworks:
React
Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

basic

Security Assessment

Security Score:
75/100
Best Practices:
  • HTTPS enforced
  • clientTransferProhibited domain status

Analytics & Tracking

Services:
Mixpanel
Tracking Level:moderate
Privacy Compliance:basic

Advertising & Marketing

Tracking Pixels:
Mixpanel
Marketing Tools:
Mixpanel
Transparency Level:basic

Website Quality Assessment

Design Quality:basic
User Experience:basic
Content Relevance:basic
Navigation Clarity:good
Professionalism:basic
Trustworthiness:moderate

Key Observations

1

Website is a blockchain explorer for MANTRA Chain

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

15/100
Score

Missing Strict-Transport-Security header

HIGH

Forces HTTPS connections

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

53/100
Score

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

No Data Protection Officer mentioned

LOW

Large organizations may need to designate a DPO under GDPR

Privacy policy may not be GDPR compliant

MEDIUM

Privacy policy lacks explicit GDPR compliance elements

GDPR Compliance Analysis

Privacy Policy85% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

2/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

Critical sector without clear security compliance

HIGH

Detected sectors: energy, transport, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

60/100
Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

No email authentication configured

CRITICAL

Domain is vulnerable to email spoofing

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

75/100
Score

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 38 days

Weak SSL Key Length

HIGH

SSL certificate uses 256-bit key, which is considered weak

Partial SSL/TLS Assessment

LOW

Completed 2 of 4 security checks due to time constraints

Certificate Details

Subject:mantrascan.io
Issuer:WE1
Valid Until:10/14/2025 (38 days)
SANs:mantrascan.io

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

70/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

Domain Delete Lock Not Enabled

LOW

Domain can be deleted without additional verification

No DMARC Record

MEDIUM

DMARC policy not configured

Domain Registration Details

Domain Age
1 years(established)
Expiry Risk
low(193 days)
Protection Level
basicDNSSEC OFF
Suspicious Indicators Detected
  • Privacy/proxy registration detected

DNS Records

A Records:104.18.19.213, 104.18.18.213
AAAA Records:2606:4700::6812:12d5, 2606:4700::6812:13d5
Name Servers:
adele.ns.cloudflare.com
osmar.ns.cloudflare.com
SOA:Serial: 2380115843, TTL: 1800s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:92ms

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built using modern web technologies including React, Tailwind CSS, and Vite for module bundling. It leverages Mixpanel for user analytics and Cloudflare for DNS and likely CDN services. The site is mobile-optimized and uses modulepreload for performance optimization. However, the content is largely placeholder with loading animations, suggesting incomplete data or low user engagement. No CMS is detected, indicating a custom-built frontend. The site lacks some advanced SEO and accessibility features but has a clean and consistent design. Performance is moderate with room for improvement in content delivery and interactivity. Technical risks include missing DNSSEC and security headers which could be addressed to enhance resilience.
Analyze Another Website