Is brex.com legit?
This site appears trustworthy overall, demonstrating strong foundational security and transparency practices. While there are some minor concerns regarding the number of external scripts and hidden content, these don't overshadow the many positive indicators.
Finance average: 81/100 · based on 48 sites
Checked: April 29, 2026 at 2:28 PM UTC
Is brex.com a scam? Here's what we found.
The site uses a modern TLS version, has a valid SSL certificate, and is not flagged by Google Web Risk. The high number of external scripts is a minor concern that could increase risk.
The domain is nearly 28 years old, indicating a long-standing online presence. While the Certificate Transparency check failed, the registrar is reputable.
The site has moderate global traffic and is clean on all DNS blacklists. The absence of a Trustpilot profile is a minor missing signal, but not critical for its established age.
The site provides clear contact information, comprehensive branding, sitemap, and social media presence. The number of hidden content elements is a mild flag for potential cloaking or UI complexity.
Both a privacy policy and terms of service are easily accessible, indicating good adherence to legal and user expectation for transparency regarding data handling and site use.
DNS resolution is stable, email authentication (DMARC) is configured, and the site uses robust name servers. The DNSSEC is unsigned but it's a common configuration and doesn't detract from strong overall infrastructure.
Signals Detected
This site has moderate global traffic
Site has structured data markup
Domain created 1998-10-22T04:00:00Z (27 years, 11 months ago)
Registered through Amazon Registrar, Inc.
Expires in 174 days
DNSSEC status from WHOIS
This business has no Trustpilot presence — not unusual for smaller or newer companies
Excessive number of external scripts — may indicate malicious injection
Excessive hidden content found — may indicate cloaking or deceptive content
Resolves to: 76.76.21.21
Mail servers: aspmx.l.google.com., alt1.aspmx.l.google.com., alt2.aspmx.l.google.com., aspmx2.googlemail.com., aspmx3.googlemail.com.
Domain has DMARC email authentication configured
DNS providers: ns-1363.awsdns-42.org., ns-1769.awsdns-29.co.uk., ns-395.awsdns-49.com., ns-598.awsdns-10.net.
Not found on any DNS blacklists
Valid certificate, expires in 87 days
Certificate issued by Let's Encrypt
Connection uses TLS 1.3
Site has custom branding and social media metadata
Site maintains a proper sitemap with 2248 indexed pages
robots.txt has 8 directives and references a sitemap
Site enforces HTTPS via HSTS
Site has Content Security Policy configured
Web server: Vercel
No threats detected by Google Web Risk
crt.sh returned status 502
Website is live and responding
Website appears to have contact information
Website has both privacy policy and terms of service pages
Website links to multiple social media platforms
Could not query Wayback Machine
Fast page load
Stay Safe Online
Good habits to protect yourself, no matter the scan result.
Never reuse passwords across sites.
Add a second layer of security to your accounts.
Always verify unfamiliar stores before entering payment info.