Domain Due Diligence
Report for Worldcoin.org
Β Why we think so?Β
Worldcoin (worldcoin.org) is a high-profile crypto / digital identity project that is operational and widely covered in tech and news outlets, but it sits at the center of serious privacy and regulatory scrutiny. The site is active, uses major infrastructure providers (Cloudflare, AWS, Google services), and receives hundreds of thousands of monthly visits. However, regulators in the EU and Kenya have opened investigations or legal actions over biometric data practices, and scammers frequently impersonate the brand. Treat the official site as legitimate for information, but proceed with strong caution before sharing sensitive data or transferring funds.
Risk Insights
High technical quality, high regulatory risk
- Uses Cloudflare, AWS and Google β good technical hygiene.
- Valid TLS and professional hosting suggest legitimate operations.
- But active legal actions about biometric data significantly increase user risk.
Impersonation scams are common
- Scammers create convincing pages that mimic Worldcoin branding.
- Victims have lost crypto by connecting wallets to impostor sites.
- Always verify the exact domain and contract address before signing anything.
Contradictory Signals
The site looks professional and receives genuine traffic, but ownership obfuscation and unresolved legal issues around biometrics reduce trust.
Signal A: Professional infrastructure and real traffic (technical legitimacy)
Signal B: Masked ownership and active legal/privacy investigations (trust concerns)
Category Scores
Red Flags & Warnings
- Active legal challenges and regulatory probes over biometric data practices in the EU and Kenya.
- Impersonation scams and phishing campaigns using Worldcoin branding have caused real financial losses for victims who connected wallets to fake sites.
- Registrant information is masked using an identity protection service, reducing transparency about the controlling entity.
- Multiple media and analyst pieces question governance, tokenomics, and privacy implications β signaling reputational risk.
π Detailed Checks & Analysis
Domain & WHOIS transparency
Score: 60/100
Domain & WHOIS transparency
"Registrant data shows 'Identity Protection Service' and a proxy email; domain created in Aug 2019 and registered via Amazon Registrar, which is a common but opaque setup for high-profile sites."
Reason: WHOIS is privacy-protected and lists an identity protection service, which reduces direct transparency about ownership.
Traffic & popularity
Score: 78/100
Traffic & popularity
"SimilarWeb/SimilarTech estimate ~302kβ348k monthly visits across mid-2025 and keywords show high search volumes (e.g., 'worldcoin', 'orb')."
Reason: Site shows substantial monthly traffic (~300k) and organic search interest, which is a positive signal for legitimacy.
Technical hygiene (TLS, hosting, tech stack)
Score: 88/100
Technical hygiene (TLS, hosting, tech stack)
"DNS points to Cloudflare nameservers, A/AAAA records present, MX entries use Google mail, and TLS certificate data shows a valid certificate for the domain."
Reason: Uses Cloudflare, AWS, Google services, and has a valid TLS certificate; technical setup follows industry norms.
Blacklists & automated risk feeds
Score: 80/100
Blacklists & automated risk feeds
"Crypto scam sniffer and Google Safe Browsing query results did not flag the official domain in the retrieved dataset; this does not rule out impersonator domains elsewhere."
Reason: No automated blacklist or Safe Browsing flags were returned in this evidence set.
Contact details & verifiability
Score: 70/100
Contact details & verifiability
"Scraped contacts include a compliance email and links to Twitter/LinkedIn/Facebook; a phone number seen in a token explorer should be verified via official channels."
Reason: Public contact email (compliance@worldcoin.org) and verified social profiles exist, but phone records and some references require independent confirmation.
Trademark & brand impersonation risk
Score: 45/100
Trademark & brand impersonation risk
"USPTO search returned zero hits for 'worldcoin.org' in the retrieved snapshot; absence of trademark registration raises impersonation risk but does not alone indicate fraud."
Reason: No USPTO trademark matches found for the query, increasing risk that third parties can impersonate the brand without immediate legal friction in the U.S.
Regulatory & legal risk
Score: 30/100
Regulatory & legal risk
"Press and legal summaries indicate investigations and court actions in the EU (GDPR-related concerns) and Kenya (restraining orders and pending judgment), which are unresolved and impactful."
Reason: Ongoing legal and regulatory inquiries into biometric data practices materially raise user risk for privacy and compliance.
Your Next Steps
-
1
Do not connect crypto wallets or sign transactions from any site unless you have verified the exact domain and contract; use hardware wallets when possible.
-
2
Verify regulatory status and recent rulings in your country before sharing biometric data; search for recent EU and Kenya decisions related to Worldcoin.
-
3
Confirm contact addresses from the site (e.g., compliance@worldcoin.org) against official announcements and cross-check on their verified social profiles.
-
4
If contacted by offers promising tokens or scanning rewards, inspect the URL carefully and avoid any third-party pages that request wallet signatures.
-
5
Report suspected impersonator pages or wallet-draining scams to the hosting provider, browser phishing report tools, and your local consumer protection agency.
Evidence & Citations
-
SimilarTech site profile for worldcoin.org (technologies, monthly visits)
Shows ~328k monthly visits, Cloudflare/AWS hosting and multiple major analytics/marketing providers β indicates professional infrastructure and real traffic.
-
SimilarWeb analytics snapshot for worldcoin.org (traffic, geography, engagement)
Provides estimated monthly visits (~328k), country distribution (Mexico, Japan, Indonesia among top sources), and engagement metrics (bounce rate ~46%, ~2 pages/visit).
-
WHOIS / DNS / SSL summary for worldcoin.org
Domain registered in 2019 with Amazon Registrar; WHOIS shows proxy/identity-protect service and Cloudflare nameservers; valid TLS certificate present.
-
Site contact scraping for worldcoin.org
Public contact found (compliance@worldcoin.org) and official social links (Twitter, LinkedIn, Facebook); a phone number in a token explorer was also captured and requires separate verification.
-
News and commentary about Worldcoin (examples from TechCrunch, PCMag, CoinMarketCap)
Multiple mainstream outlets report on product changes and heavy regulatory attention; articles document both project updates and privacy controversies.
-
Investigation and FAQ summaries (scam/impersonation reports)
Aggregated research highlights that scams impersonate the project and that victims can lose funds when signing malicious wallet contracts; no authoritative evidence that the official site directly stole funds.
-
Crypto scam blacklist check and Safe Browsing
Automated checks returned no blacklist matches for the official domain in the retrieved dataset.
-
USPTO trademark search results for 'worldcoin.org'
No trademark records matching the query were returned, which can make impersonation easier for bad actors.
π΅π» Keep investigating
Run another instant due diligence scan on any website URL. Verify before you trust!
Spot fake SaaS login pages before handing over credentialsPhishing crews spin up carbon-copy login portals for CRM and finance tools, siphoning credentials before users realize t...
Read playbook β Analyze giveaway landing page phishingGiveaway pages entice with consoles or flights, then harvest card data and selfies βfor verification.β ScamAI checks reg...
Read playbook βCommunity feedback
Not rated yet
0 reviews published
Leave a review
Reviews
No public reviews yet. Be the first to share your experience.