Domain Due Diligence
Report for Iherb.com
Why we think so
iHerb (iherb.com) is a large, long-running online supplements and wellness retailer with ~39 million monthly visits and a global rank near #1,000. It shows enterprise-grade infrastructure (MarkMonitor WHOIS, Cloudflare, major payment providers) and public contact points, but recent product recalls, numerous customer complaints about refunds/charges, and a mix of legal notices mean consumers should proceed with caution. π‘οΈ
Risk Insights
Large, established retailer
Operational concerns to check
Contradictory Signals
The site is clearly a large, legitimate business from a technical and ownership standpoint, but recurring service and safety issues create a real consumer risk.
Signal A: Enterprise-grade infrastructure and long domain history (supports legitimacy)
Signal B: Repeated, serious consumer complaints and recent recall (undermines trust in operations)
Category Scores
Red Flags & Warnings
-
Numerous consumer complaints alleging refund issues, unauthorized charges, and poor dispute resolution on BBB and review sites.
-
Recent high-profile product recall (June 2025) for California Gold Nutrition iron supplements distributed via iHerb, which raises safety and compliance concerns.
-
Multiple legal notices and past regulatory disputes in different jurisdictions (e.g., Proposition 65 complaint; past country-level actions) indicate recurring compliance friction.
π Detailed Checks & Analysis
Domain age & registrar
Domain age & registrar
"Long registration (1997) and MarkMonitor management point to a stable, corporate-controlled domain rather than a short-lived scam site."
Reason: Domain was registered in 1997 and is managed via MarkMonitor, a registrar commonly used by corporations to protect brands.
Traffic & market position
Traffic & market position
"Traffic patterns (high direct + search share) and category #1 rank for Health/Alternative & Natural Medicine support that iHerb is a major retailer, not an obscure storefront."
Reason: High monthly visits (~39M) and strong global/category rank indicate broad usage and real marketplace activity.
Technical infrastructure & security
Technical infrastructure & security
"Presence of Cloudflare, valid SSL, SPF and many domain verification records shows active security and platform management practices."
Reason: Uses Cloudflare CDN, valid SSL, multiple verification TXT records, and enterprise security tooling.
Payments & e-commerce integrations
Payments & e-commerce integrations
"Supported payment rails and cart/checkout technologies are consistent with established online retailers and provide dispute mechanisms for buyers."
Reason: Integrates major payment providers (PayPal, Adyen, Klarna) and typical e-commerce systems, reducing fraud risk for transactions.
Public contact & ownership transparency
Public contact & ownership transparency
"Clear corporate addresses and working support/recall emails make it easier to escalate issues compared with anonymous operators."
Reason: Public company addresses, corporate WHOIS entries, and working support emails are available.
Blacklist & phishing risk
Blacklist & phishing risk
"Absence from these blacklists lowers the probability that the site hosts phishing or malware content at the time of check."
Reason: No matches on crypto scam blacklists and Google Safe Browsing shows no threats.
Consumer complaints & regulatory events
Consumer complaints & regulatory events
"Frequent, recent complaints and a public product recall are material concerns for buyers; they reduce trust despite the site's corporate scale."
Reason: Multiple customer complaints about refunds, alleged unauthorized charges, and slow/partial resolutions are documented across review sites and BBB.
Your Next Steps
-
1If you plan to purchase: prefer card payments or PayPal so you can dispute charges if needed.
-
2Check recent reviews on BBB, Sitejabber, and consumer sites for refund and shipment patterns in your country before ordering.
-
3Verify product recalls or safety notices for items you intend to buy (CPSC and major news coverage).
-
4For suspicious charges, contact your bank immediately and request a chargeback while preserving order/communication records.
-
5Report unresolved consumer fraud to your local consumer protection agency and to platforms where you found the listing.
Evidence & Citations
-
iHerb | Traffic and engagement (SimilarWeb)
SimilarWeb records ~39M monthly visits, a global rank near #1,014, and traffic source mix (majority direct and search).
-
Technology stack and integrations for iherb.com (SimilarTech)
Shows Cloudflare CDN, major payment providers (PayPal, Adyen, Klarna), and multiple security/verification services β consistent with enterprise e-commerce.
-
WHOIS, DNS and SSL details for iherb.com
WHOIS shows registration in 1997, MarkMonitor registrar, corporate contact details, Cloudflare nameservers, and current valid SSL certificate.
-
Public contact info and corporate emails scraped from site
Site exposes customer support and privacy emails (customersupport@iherb.com, privacy@iherb.com) plus verified social links and a Google Places listing with phone and address.
-
News: Product recall and press coverage (CPSC, ConsumerAffairs, Prevention)
Multiple outlets report a June 2025 recall affecting tens of thousands of bottles sold via iHerb, a material operational issue.
-
Customer complaints and reported fraud/charge issues (aggregate review analysis)
Consumer reports include refund disputes, alleged unauthorized charges, and unresolved account issues; several complaints remain open or only partially resolved.
-
Trademark search results for IHERB marks (USPTO)
USPTO records show live registrations related to IHERB-branded marks, supporting brand ownership claims.
π΅π» Keep investigating
Run another instant due diligence scan on any website URL. Verify before you trust!
Phishing crews spin up carbon-copy login portals for CRM and finance tools, siphoning credentials before users realize t...
Read playbook βGiveaway pages entice with consoles or flights, then harvest card data and selfies βfor verification.β ScamAI checks reg...
Read playbook β