Executive Summary
| Metric | Value |
|---|---|
| Global Rank | #~1.92M |
| Monthly Visits | 10,557 |
| Avg Duration | 0m 15s |
| Pages/Visit | 2.25 |
Strategic Overview
Strong awareness and traffic from search, driven by notoriety in cybercrime spaces; a niche in malicious AI tools unserved by mainstream providers.
High risk of enforcement or takedown due to illegal associations; no legitimate operational structure or legal protections; negative visibility in mainstream and security media.
Our Verdict
Upside & Downside Analysis
The Bull Case
Strong Niche Demand in Underground Markets
- Appeals to actors seeking unrestricted generative AI for phishing and cyberattacks
- High search volume for related keywords like "wormgpt" and "wormgpt apk"
Recurring Media Attention
- Frequent mentions in security blogs, news, and research create persistent brand awareness
- Site receives sizable direct and search-driven traffic
The Bear Case
Direct Criminal Associations
- Extensively cited as a tool for cybercrime, phishing, and BEC attacks in leading security publications
- Explicitly named in security reports as malicious (see Unit42, TrendMicro, Kaspersky, KrebsOnSecurity, TheHackerNews)
No Legal/Corporate Foundation
- No trademark, corporate registration, or LinkedIn presence
- Zero transparency on leadership, ownership, or operational legitimacy
- No trustworthy channel for customer grievance or dispute resolution
Regulatory and Takedown Risk
- Site may be taken down at any time due to policy violations or enforcement actions
- Negative news coverage can lead to deplatforming from hosting and infrastructure providers
Domain Integrity
Domain is protected by Cloudflare, DNS and SSL details are present, and Google Safe Browsing detects no immediate threats. WHOIS details are withheld, adding to the site's anonymity.
| Registrar | Unknown |
|---|---|
| Domain Age | - |
| Security Status | Unlocked; SSL: WE1 |
Reputation
0 Reviews
Sentiment Analysis
No third-party reviews exist in trusted platforms. Security researchers and media repeatedly link the brand to cybercrime tools, scams, and malicious use, with negative feedback from criminal forums and users.
Traffic Distribution
| Top Countries | Traffic Share | Trend |
|---|---|---|
| India | 31.60% | |
| Vietnam | 14.70% | |
| Colombia | 13.30% | |
| France | 12.50% | |
| Morocco | 10.10% | |
Competition
| Competitor Type | Threat Analysis |
|---|---|
| Other Malicious LLM Platforms (Dark Web) | Direct replacements like FraudGPT and open-source clones increase competition. Threat actors may migrate to less-exposed tools following media coverage or law enforcement actions. |
| Legitimate AI APIs (OpenAI, Anthropic, Google) | Mainstream AI services are safer, pose less risk for users, and attract most legal/enterprise demand, siphoning off users seeking stability or legal utility. |
SWOT Analysis
Strengths
- Niche user demand in cybercrime space
- Persistent media attention generates traffic
- Cloudflare/CDN setup makes rapid takedown harder
Weaknesses
- No legal structure or real business operations
- Negative reputation in all credible security circles
- Loss of transaction trust due to frequent scams
Opportunities
- Ongoing demand for unrestricted LLMs among cybercriminals
- Expanding market of copycat AI tools grows overall traffic
- Media coverage maintains brand in security discourse
Threats
- Closure from law enforcement and infrastructure providers
- Rapid rise of clones and alternatives cannibalizing user base
- Continued negative press shrinking trust and deterring new buyers
Tech Stack
Cloud and CDN
Enterprise-grade Cloudflare CDN and DNS for security, redundancy, and DDoS protection; use of Hetzner for underlying hosting.
CMS
WordPress-based stack with Jetpack and Kadence plugins; standard for rapid launch but may lack advanced security hardening.
Analytics & Tracking
Integrates Google Analytics, Tag Manager, and Facebook Pixel for detailed traffic and marketing insights despite lack of apparent legitimate marketing use.
Payment/Monetization
Multiple markers for crypto and Euro payments, with references to plans priced above $400/month, aligned with underground service pricing.
Key Risks
| Identified Risk | Impact | Mitigation |
|---|---|---|
| Takedown or blacklisting due to illegal activity or media exposure | High | Use of proxy infrastructure (Cloudflare, Hetzner) and site anonymization, though ultimately insufficient against regulators. |
| Financial transactions are irrecoverable | High | Limits to cryptocurrency and non-reversible payment methods; users have no effective recourse. |
| Brand confusion and fraud from copycat services | Medium | Leverages notoriety and some persistent domains, but cannot prevent clone proliferation or negative brand dilution. |
| De-anonymization and legal prosecution of operators | High | No public ownership or contact information is exposed, but risks rise as media and law enforcement scrutiny grows. |
Appendix & Sources
Key Citations
- Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’
  Deep profile by KrebsOnSecurity on WormGPT's origins, market, and user complaints.
- WormGPT: How GPT's Evil Twin Could Be Used in BEC Attacks
  Explains WormGPT's abuse in cyber compromise and phishing operations.
- The Dual-Use Dilemma of AI: Malicious LLMs
  Recent Unit42 coverage on threats posed by WormGPT and similar LLMs.
- FraudGPT / WormGPT: Scammy for now — but a worrying signpost for software security
  Research article on scam trends and low reliability in WormGPT user experience.
- Summary: Perplexity QA on wormgpt.com.co legitimacy
  Aggregated user complaints and context regarding fraud and non-functionality.
Disclaimer
This report synthesizes OSINT and technical indicators as of the date shown. Factual accuracy is supported by cited sources but cannot be guaranteed due to possible operator deception and frequent site changes common to sites associated with illicit activity. Consider this a risk assessment, not an endorsement of legitimacy or a substitute for law enforcement intelligence.