What is Gitcdn.xyz

Some users may have received a warning from their anti-malware security solution about gitcdn.xyz. Others may have noticed the address themselves among the cookies of their particular browser. So is gitcdn.xyz a legitimate service and should you worried about its presence on your system?

In short - there is nothing inherently threatening in the service. It was created by a software developer operating under the name schme16. GitCDN allows online services to have direct access to the files they might need from GitHub repositories. There are other services that offer similar functionality to GitCDN such as RawGit. The main differentiating points are the CDN (Content Delivery Network) providers - GitCDN users Cloudflare while RawGit uses MaxCDN, and that GitCDN focuses specifically on delivering the latest commit of the selected files. The services offered by GitCDN could be employed by thousands of other online services, applications and browser add-ons. After all, GitHub is the preferred place for over 65 million developers to host files, code, and other items related to software development. 

The available information certainly suggests that GitCDN is a legitimate service and any warnings displayed by security products should be regarded as false positive. Keep in mind, however, that cybercriminals often employ legitimate services in tools as part of their malicious operations. GitHub itself is often used to store or retrieve malware tools when needed. One such example is the Shade Ransomware gang that has been carrying out attack campaigns for multiple years now.