Jsdelivr.net (Domain) Investigation & Evidence Report
Generated on Jan 24, 2026
jsdelivr.net
http://jsdelivr.netWhy we think so?
jsdelivr.net is a recognized content delivery network (CDN) popular for hosting and distributing JavaScript and CSS files. It serves over 1.2 million visits monthly, primarily from China (27%), the US (13%), and India (8%), with users spending about 94 seconds per visit and an average of 2.24 pages viewed per session. The domain was registered in 2012 through Amazon Registrar and maintains typical DNS and WHOIS records for a reliable CDN. No trademarks are registered that conflict with its name. While the site itself is not blacklisted and passes Google's Safe Browsing checks, jsdelivr.net has been involved in security incidents mainly due to external abuse, including impersonation by a similar-looking domain and hosting malicious npm packages cached on its CDN. These issues have been addressed collaboratively, but they highlight supply chain risks common to open-source services. Overall, jsdelivr.net is generally regarded as legitimate and safe, though developers should use standard security practices such as integrity checks and vigilance for abuse.
Risk Insights
Established Domain and DNS Setup
- Registered in 2012 with Amazon Registrar
- Standard DNS and WHOIS records
- No registrar abuse flags
Stable and Legitimate Traffic Patterns
- 1.2M monthly visits
- Mainly direct and referral traffic
- Primary users from China, US, India
External Abuse Incidents Reported
- Typosquatting domain caused phishing issues
- Malicious npm packages cached temporarily
- Issues addressed by developers
Category Scores
Red Flags & Warnings
- Historic incidents of domain impersonation via cdn.jsdeliver.net injecting malicious scripts.
- Malicious npm packages cached on the CDN after removal led to phishing attacks.
Detailed Checks & Insights
0-100 Scale
Domain Ownership and Age Check
Score: 90
Domain Ownership and Age Check
"Registered with Amazon Registrar since 2012; WHOIS info consistent and no unusual flags."
Reason: jsdelivr.net domain was registered in 2012 through a reputable registrar and appears stable.
Traffic and Usage Analysis
Score: 75
Traffic and Usage Analysis
"Majority traffic direct or from referrals; global user base with expected bounce rate (55%)."
Reason: Over 1.2 million visits monthly with typical engagement metrics and no suspicious spikes.
Blacklist and Security Flags
Score: 90
Blacklist and Security Flags
"No malware or phishing detected in major security databases as of latest scans."
Reason: Site is not listed on Google Safe Browsing or crypto scam blacklists, indicating good standing.
Trademark and Brand Verification
Score: 85
Trademark and Brand Verification
"USPTO search reveals zero conflicting trademarks for the name."
Reason: No trademark conflicts found for 'jsdelivr' reducing impersonation risks.
Reputation and Scam Reports
Score: 70
Reputation and Scam Reports
"Incidents stem from third-party abuse rather than service misuse; mitigations underway."
Reason: Reviews praise service performance, though some external abuse reported via typosquatting and malicious cached packages.
Your Next Steps
-
1
Developers should verify npm packages before use and apply Subresource Integrity (SRI) checks when loading resources from jsdelivr.net.
-
2
Monitor for similar or lookalike domains that may attempt phishing or malware distribution.
-
3
Stay updated on supply chain security advisories related to open-source CDN services like jsdelivr.net.
Key Evidence & Citations
-
jsDelivr Forum: Issue #18070 - Typosquatting Attack
⤷ Reports on fake mirror domain injecting malicious JS.
-
Global CDN Service Exposes Users to Phishing Attacks
⤷ Details phishing campaigns abusing cached malicious npm packages.
-
jsDelivr Whois and DNS Information
⤷ Domain registered 2012 at Amazon Registrar with normal DNS setup.
-
SimilarWeb Analytics for jsdelivr.net
⤷ Traffic and engagement statistics as of December 2025 show stable usage.
-
Google Safe Browsing and Crypto Scam Checks
⤷ jsdelivr.net cleared of phishing or scam listings.
📌 More checks:
🕵🏻 Keep vetting
Run another instant due diligence scan on any domain. Verify before you subscribe or shop!
Investigate crypto investment landing pages »High-pressure funnels promise impossible APYs and embed unlicensed wallets or merchant IDs. ScamAI dissects the hosting...
Check government tax refund portals for authenticity »Fraudsters spoof tax agencies during filing season, promising fast refunds if you hand over SSNs and card data. ScamAI p...
Community feedback
Not rated yet
0 reviews published
Leave a review
Reviews
No public reviews yet. Be the first to share your experience.
Get answers grounded in the sourced data. Citations like will link to the evidence locker.
Evidence Locked
This raw JSON payload contains sensitive intelligence data available to Members only.
Unlock