Is merkle.io legit?

75
/ 100
Mostly Safe
Industry: SaaS

This site appears mostly safe, but you should use some caution due to a few notable missing elements. The primary legal pages are incomplete, and the site redirects to a different domain, which can be unsettling.

SaaS average: 81/100 · based on 62 sites

Checked: April 21, 2026 at 8:40 AM UTC

Is merkle.io a scam? Here's what we found.

Security 90/100

The security configuration is strong, featuring a valid SSL certificate issued by Google, a modern TLS 1.3 connection, and no detected threats by Google Web Risk, ensuring a secure browsing experience.

Identity 80/100

With a domain age of almost 7 years and active DNSSEC, the site shows a reasonable level of established presence, although the WHOIS information being privatized prevents full transparency about ownership.

Reputation 70/100

The site holds a very high Tranco rank and is clean on DNS blacklists, indicating a generally good reputation, but the immediate redirect to a different domain is a minor point of concern.

Transparency 65/100

While contact information is present and the site has custom branding, the absence of a Trustpilot profile and social media links on the homepage reduces overall transparency and avenues for public interaction.

Compliance 60/100

The partial completion of legal pages (missing either a privacy policy or terms of service) is a notable compliance weakness that should be addressed to build user trust.

Infrastructure 85/100

The infrastructure is well-configured with multiple IP addresses, robust email authentication through SPF records, and Cloudflare as a DNS provider, although the sitemap misconfiguration is a minor technical oversight.

Signals Detected

[+]
Tranco Rank: Rank #436

This is one of the most visited websites globally

[?]
Structured Data: None found

No structured data markup found

[?]
Trustpilot: No Trustpilot profile

This business has no Trustpilot presence — not unusual for smaller or newer companies

[+]
SSL Certificate: Valid

Valid certificate, expires in 86 days

[?]
Certificate Issuer: Google Trust Services

Certificate issued by Google Trust Services

[+]
TLS Version: TLS 1.3

Connection uses TLS 1.3

[+]
DNS Resolution: 4 IP(s)

Resolves to: 2606:4700:10::6814:20d1, 2606:4700:10::ac42:9c5c, 104.20.32.209, 172.66.156.92

[+]
Email (MX Records): 5 record(s)

Mail servers: aspmx.l.google.com., alt1.aspmx.l.google.com., alt2.aspmx.l.google.com., alt4.aspmx.l.google.com., alt3.aspmx.l.google.com.

[+]
SPF Record: Present

Domain has SPF email authentication configured

[+]
Name Servers: 2 server(s)

DNS providers: itzel.ns.cloudflare.com., santino.ns.cloudflare.com.

[+]
Branding: Complete

Site has custom branding and social media metadata

[?]
Sitemap: Misconfigured

Sitemap URL returns non-XML content

[+]
robots.txt: Present

robots.txt has 23 directives

[~]
Redirect Check: Redirects away

Site redirects to https://blinklabs.xyz/

[+]
HSTS Header: Present

Site enforces HTTPS via HSTS

[?]
Server: Netlify

Web server: Netlify

[+]
Google Web Risk: Clean

No threats detected by Google Web Risk

[+]
Domain Age: 6 years, 9 months

Domain created 2019-08-22T10:12:39Z (6 years, 9 months ago)

[?]
Registrar: NameCheap, Inc.

Registered through NameCheap, Inc.

[+]
Domain Expiry: 2026-08-22T10:12:39Z

Expires in 123 days

[+]
DNSSEC: signedDelegation

DNSSEC status from WHOIS

[?]
Certificate Transparency: Unable to check

crt.sh returned status 502

[+]
Website Status: Online

Website is live and responding

[+]
Contact Info: Found

Website appears to have contact information

[~]
Legal Pages: Partial

Website is missing either privacy policy or terms of service

[~]
Social Media Presence: None found

No social media links found on homepage

[?]
Web Archive: Unable to check

Could not query Wayback Machine

[+]
DNS Blacklists: Clean

Not found on any DNS blacklists

[+]
Page Load Time: 170ms

Fast page load

Embed This Badge

Own this site? Show visitors your trust score.

Trust badge for merkle.io
<a href="https://verified.fyi/review/merkle.io"><img src="https://verified.fyi/badge/merkle.io?size=medium&style=full&theme=dark" alt="merkle.io trust score — verified.fyi" /></a>
[![merkle.io trust score](https://verified.fyi/badge/merkle.io?size=medium&style=full&theme=dark)](https://verified.fyi/review/merkle.io)

Stay Safe Online

Good habits to protect yourself, no matter the scan result.

Use a password manager

Never reuse passwords across sites.

Enable two-factor authentication

Add a second layer of security to your accounts.

Check before you buy

Always verify unfamiliar stores before entering payment info.

When evaluating a site like merkle.io, which likely operates in the SaaS or professional services sector given its high global traffic, users expect a high degree of professionalism and transparency. A key observation is the site's impressive global rank, which suggests it's a prominent player. Legitimacy in this space often comes with a history; merkle.io's nearly seven-year domain age is a positive sign, showing longevity that many fly-by-night operations lack. However, it's crucial to understand that merkle.io immediately redirects to blinklabs.xyz. This isn't inherently negative, but it means your ultimate destination (and the entity you're truly interacting with) is blinklabs.xyz. While merkle.io has excellent foundational security like modern TLS and a clean Google Web Risk report, the hidden WHOIS information on its original domain and the partial legal documentation raise flags for the eventual site you land on. Most reputable SaaS companies are upfront about their contact details and comprehensive legal terms to build trust with their user base and comply with regulations. For a domain with such a significant online presence, the absence of social media links on the homepage is also unusual. Established businesses typically leverage these channels for customer engagement and support. When considering engaging with the services offered via blinklabs.xyz, users should specifically seek out comprehensive legal policies and contact information for that domain, as the initial redirect complicates the straightforward assessment of merkle.io itself.