Is trezor.io legit?
This website is mostly safe, demonstrating strong infrastructure and reputation signals typical of an established entity. However, some common e-commerce red flags like unrealistic discounts and non-reversible payment methods warrant caution, alongside a high number of external scripts that could pose a security risk.
Crypto average: 79/100 · based on 25 sites
Checked: April 29, 2026 at 8:07 PM UTC
Is trezor.io a scam? Here's what we found.
The site uses modern TLS 1.3 with a valid certificate, and Google Web Risk shows no threats. However, 27 external scripts add significant risk, and the certificate expiring in 34 days needs immediate attention to maintain secure connections.
The domain is nearly 12 years old and complete branding indicates a well-established company with a clear identity. The unrealistic discounts are a significant concern that detracts from the otherwise strong identity.
With a high Tranco rank and clean DNS blacklists, the site enjoys a good reputation. The absence of a Trustpilot profile is not a strong indicator for established businesses, and the domain's age reinforces trust.
The site provides contact information, legal pages, and a robust social media presence, promoting clear communication and accountability.
Legal pages for privacy and terms are present. However, the use of non-reversible payment methods, while common for certain products, introduces consumer protection concerns that impact compliance with common best practices.
Excellent infrastructure with multiple DNS records, robust email authentication (SPF, DMARC), Cloudflare nameservers, and DNSSEC. The server is consistently online and loads quickly, indicating a professionally managed setup.
Signals Detected
This is a well-known, high-traffic website
Site uses structured data identifying itself as: WebSite
Site advertises discounts over 70% — common in fraudulent e-commerce
Mentions non-reversible payment methods: bitcoin, wire transfer
Excessive number of external scripts — may indicate malicious injection
Valid certificate, expires in 34 days
Certificate issued by Let's Encrypt
Connection uses TLS 1.3
Resolves to: 2606:4700:10::ac42:86f5, 2606:4700:10::ac42:896f, 172.66.134.245, 172.66.137.111
Mail servers: aspmx.l.google.com., alt1.aspmx.l.google.com., alt2.aspmx.l.google.com., aspmx2.googlemail.com., aspmx3.googlemail.com.
Domain has SPF email authentication configured
Domain has DMARC email authentication configured
DNS providers: jeff.ns.cloudflare.com., lucy.ns.cloudflare.com.
This business has no Trustpilot presence — not unusual for smaller or newer companies
robots.txt has 16 directives and references a sitemap
Site has custom branding and social media metadata
Site enforces HTTPS via HSTS
Site has Content Security Policy configured
X-Frame-Options: DENY
Web server: cloudflare
No threats detected by Google Web Risk
Domain created 2014-07-21T08:45:45Z (11 years, 11 months ago)
Registered through Cloudflare, Inc
Expires in 813 days
DNSSEC status from WHOIS
No sitemap found — common for smaller sites
crt.sh returned status 502
Website is live and responding
Website appears to have contact information
Website has both privacy policy and terms of service pages
Website links to multiple social media platforms
Could not query Wayback Machine
Not found on any DNS blacklists
Fast page load
Embed This Badge
Stay Safe Online
Good habits to protect yourself, no matter the scan result.
Never reuse passwords across sites.
Add a second layer of security to your accounts.
Always verify unfamiliar stores before entering payment info.