database dumped

WormGPT.ai Security Investigation Report

Comprehensive security audit revealing 29 vulnerabilities, every user email extracted (4,129+), real AI models exposed as rebranded open-source Mistral — not proprietary, and full operator identity unmasked.

Investigated by [email protected]

February 7 – 9, 2026 · 8 Sessions · Status: COMPLETE — Operator Identified

OPERATOR IDENTIFIED
Ayoub Iziad
Morocco-based developer operating WormGPT.ai through a Wyoming shell company
LinkedIn: linkedin.com/in/iziadayoub
Personal Email: [email protected]
Company Email: [email protected]
Alt Account: [email protected] (WormGPT Leaderboard #1)
IZI LLC / IZI ADS
Address: 30 N Gould St Ste R, Sheridan, WY 82801 (Notorious shell company address — 200K+ businesses, ICIJ Pandora Papers)
Front Website: izi-ads.com (WiFi marketing — stock photos, no real clients)
GitHub: izi2357 (0 public repos, last active Jan 30, 2026)
Infrastructure Proof: wormgpt.ai & izi-ads.com share same IP (216.198.79.1), same nameservers, same SOA
Domain Acquired: Nov 5, 2025 (re-registered expired domain from original creator)

Original Creator (2023): Rafael Morais, 23, Porto, Portugal — exposed by Krebs On Security, shut down Aug 2023
Current Operator (2025–): Ayoub Iziad acquired expired domain, rebuilt on Mistral AI + Supabase + Vercel + Stripe

Table of Contents

  1. Executive Summary
  2. Key Statistics
  3. Operator Identity
  4. Vulnerability Details (29)
  5. Data Extracted
  6. Database Dump Files (63)
  7. Infrastructure Analysis
  8. AI Model Analysis
  9. Business Analysis
  10. Legal Considerations

Executive Summary

Complete breakdown of the WormGPT.ai platform and its operator

investigation-summary
$ target --identify wormgpt.ai
Target: WormGPT.ai - Cybercrime-oriented AI chatbot
Operator: Ayoub Iziad (Morocco) via IZI LLC (DBA: IZI ADS)
LinkedIn: linkedin.com/in/iziadayoub
Company: [email protected] | Address: 30 N Gould St Ste R, Sheridan, WY 82801
Infrastructure: wormgpt.ai & izi-ads.com share IP 216.198.79.1 (same Hostinger account)
Domain re-registered Nov 5, 2025 (original by Rafael Morais, Portugal, abandoned 2023)
$ scan --vulnerabilities
CRITICAL: 29 security vulnerabilities found
CRITICAL: Every user email extracted (4,129+ accounts)
CRITICAL: 125 Stripe subscription IDs exposed
CRITICAL: "Proprietary AI" exposed as rebranded open-source Mistral 7B
HIGH: Full operator identity established
HIGH: Complete AI training pipeline exposed (10,631 examples)
HIGH: Investment scheme with 9 tiers ($100-$50K)
HIGH: Email marketing: 6,630 spam sends, zero conversions
Near-zero actual usage: only 6 API users, 5 total API requests
$ infrastructure --map
Frontend: Vercel Next.js (App Router with RSC)
Database: Supabase PostgreSQL (project: tscsceivcroivfmtjrjy)
API: PostgREST 13.0.5 + pg_graphql + GoTrue v2.186.0
CDN: Cloudflare
Payments: Stripe (prod_Tlc0QTZGUfcC1B)
AI Model: Mistral fine-tuned (org 2d37a157)
Investigation status: COMPLETE - All attack surfaces exhausted

Key Statistics

29 vulnerabilities
4,129 emails extracted
125 stripe sub ids
60 confirmed paid
6,630 email send logs
66 rpc functions
84 tables enumerated
10,631 training examples
5 total api requests
114 users idor profiled
277 payment failures
63 dump files
4 Critical
14 High
8 Medium
3 Low

Operator Identity

Full dossier on the entity behind WormGPT.ai

Company Information

Legal Name: IZI LLC
Trade Name: IZI ADS
Address: 30 N Gould St Ste R, Sheridan, WY 82801
Address Note: Notorious shell company hub — 200,000+ businesses registered, ICIJ Pandora Papers
Website: izi-ads.com (WiFi marketing front — stock photos, no portfolio, no team)
Site Builder: Zyrosite/Hostinger (Astro framework)
Registered: Jan 25, 2024 via Hostinger (2 weeks after GitHub izi2357 created)
OpenAI Verified: dv-hHQr4tt5sZ1nDdcxpf6ZJcT8 (proves OpenAI account)
Tracking: Microsoft Clarity: u9iwa7uzrl | Facebook Pixel: 813789717824555

Identified Operator

Full Name: Ayoub Iziad
Location: Morocco
Personal Email: [email protected]
Alt Email: [email protected] (Leaderboard #1, username: ObscureStack5373)
GitHub: izi2357 (ID: 156364236, created 2024-01-11, last active Jan 30, 2026)
LinkedIn Company: IZI ADS (#101857705)
Language Profile: French, Arabic, English (crosblanc = "white cross" in French)
WormGPT Activity: 12 prompts/day, Elite plan, 999M tokens, 99yr trial

WormGPT Admin Accounts

operator-accounts
$ enumerate --operator-accounts
 
[email protected] (PERSONAL ACCOUNT - Ayoub Iziad)
uid: 2a82efa0-...
plan: elite
tokens: 999,999,999 | trial: 99 YEARS
activity: 12 prompts/day (ACTIVE DAILY USER)
 
uid: 06f29f6a-9957-4a34-b788-4a6bae2fa549
plan: elite
tokens: 999,999,999 (0 used) | trial: 100 YEARS
 
uid: 5bc90309-3067-4c06-a16e-43059e49b228
plan: starter
tokens: 999,999,999/999,999,999
leaderboard_rank: #1
 
uid: 1f533c1f-8629-43eb-ae23-0f0ac554961c
plan: none (free)
 
Infrastructure link: Both wormgpt.ai and izi-ads.com resolve to 216.198.79.1
Hosting: Hostinger shared hosting, Atlanta, Georgia

Infrastructure Evidence (Smoking Gun)

infrastructure-proof
$ compare --dns wormgpt.ai izi-ads.com
 
A Record: wormgpt.ai → 216.198.79.1 | izi-ads.com → 216.198.79.1 EXACT MATCH
Nameservers: ns1/ns2.dns-parking.com | ns1/ns2.dns-parking.com EXACT MATCH
SOA Serial: 2026020501 (dns.hostinger) | 2026020501 (dns.hostinger) EXACT MATCH
Email MX: mx1.hostinger.com | mx1.titan.email Both Hostinger
Bot Protect: Vercel 429 checkpoint | Vercel 429 checkpoint SAME CONFIG
 
$ whois --timeline
izi-ads.com: Registered 2024-01-25 via Hostinger
wormgpt.ai: RE-registered 2025-11-05 via Key-Systems GmbH (expired domain)
Both domains managed from same Hostinger account (identical SOA updated same day)
 
$ dns --txt izi-ads.com
openai-domain-verification=dv-hHQr4tt5sZ1nDdcxpf6ZJcT8
google-site-verification=tA4GPCGhR2T7N1hliP7RTgIusigzfVZecCmQXxxJmrU
v=spf1 include:spf.titan.email ~all
 
$ dns --txt wormgpt.ai
yandex-verification: 75ee4119adf6bc47
google-site-verification=NAjLteO-6Yb-djBuxu_i1t7JGHCrRmdEh8kX8wywQDA
v=spf1 include:_spf.mail.hostinger.com -all
 
$ resolve terminal.wormgpt.ai
188.93.233.60 (Amsterdam, NL)
ASN: AS47674 Net Solutions - Portuguese hosting company
Note: Original WormGPT creator Rafael Morais was from Portugal
All ports closed (22, 80, 443, 8080)

Domain Acquisition Timeline

timeline
$ timeline --full
2023-07-15 wormgpt.ai launched by Rafael Morais (Porto, Portugal), alias "Last"
2023-08-08 Morais exposed by Krebs On Security, service shut down
2023-12-25 wormgpt.ai goes offline (HTTP 522)
2024-01-11 GitHub account izi2357 created (Ayoub Iziad)
2024-01-25 izi-ads.com registered via Hostinger (2 weeks later)
2024-01-30 wormgpt.ai comes back online
2024-10-06 wormgpt.ai shows "Welcome to nginx!" (transition phase)
2025-06-Aug New subdomains: api, interface, terminal, sitemaps, cpcontacts
2025-11-05 wormgpt.ai RE-REGISTERED (expired domain acquired by Iziad)
2025-11-26 Wildcard cert *.wormgpt.ai issued
2026-02-08 Latest model training (10,631 chat + 136 agent examples)
2026-02-09 Investigation complete - Operator fully identified

Original Creator (2023, Defunct)

Name: Rafael Morais
Age: 23 (in 2023)
Location: Porto, Portugal
Aliases: "Last" (HackForums), "ruiunashackers" (TikTok)
Model: GPT-J 6B based
Status: Shut down Aug 2023 after Krebs exposure

Current Operator (2024–Present, Active)

Name: Ayoub Iziad
Location: Morocco
Company: IZI LLC / IZI ADS (Wyoming shell)
Model: Fine-tuned open-mistral-7b (Mistral AI)
Stack: Supabase + Vercel + Stripe + Hostinger
Status: ACTIVE — collecting payments

Vulnerability Details

29 security vulnerabilities discovered across the WormGPT.ai platform

| ID | Vulnerability | Severity | Impact |
|---|---|---|---|
| VULN-001 | Unlimited Token Injection | critical | Any user can inject unlimited tokens into any other user's account |
| VULN-002 | IP Blocking DoS | critical | Any user can block any IP address from accessing the platform |
| VULN-003 | Security Log Injection | high | Any user can inject fake security events into audit logs |
| VULN-004 | IDOR Across 9+ Functions | critical | Any user can query or modify any other user's data via SECURITY DEFINER RPC functions |
| VULN-005 | Email Blaster Trigger | high | Any user can trigger mass email sends to all 4,505 active users |
| VULN-006 | Token Drain Attack | critical | Any user can drain tokens from any other user's account |
| VULN-007 | Quota Reset | high | Any user can reset quotas for themselves or all users |
| VULN-008 | Cache Destruction | high | Any user can purge the AI response cache (9,242 entries, 83MB) |
| VULN-009 | Email Reputation Manipulation | medium | Any user can mark emails as bounced, affecting deliverability |
| VULN-010 | Leaderboard Reset | medium | Any user can reset the monthly leaderboard |
| VULN-011 | Mass User Enumeration | high | Any user can check if an email is registered and get their UUID |
| VULN-012 | Edge Function Call via SQL | low | RPC function exists to call edge functions from SQL (returns void, not exploitable for SSRF) |
| VULN-013 | Rate Limit Bypass | medium | Returns 999 remaining for all endpoints - effectively no rate limiting |
| VULN-014 | Training Pipeline Exposure | high | Full training pipeline visible: 10,631 chat + 136 agent examples, model IDs, win rates |
| VULN-015 | Email Marketing Data Exposure | high | Complete email marketing DB exposed: 6,630 send logs, 4,127 emails, 9 campaigns |
| VULN-016 | Financial Data Exposure | high | Stripe subscription IDs, payment failure reasons, grace periods all exposed |
| VULN-017 | Investor Scheme Exposure | medium | Investment scheme fully exposed: 9 tiers, $100-$50,000 - potential securities fraud |
| VULN-018 | Auto-Confirmed Account Creation | medium | mailer_autoconfirm=true - no email verification, unlimited account creation |
| VULN-019 | Destructive Analytics Cleanup | high | Any user can DELETE prompt analytics records (27 deleted during testing) |
| VULN-020 | Trust Profile Self-Modification | high | Users can set trusted=true and risk_score=0, bypassing fraud detection |
| VULN-021 | Usage Stats IDOR | high | Full subscription details for any user: plan, tokens, trial end, subscription_id |
| VULN-022 | Quota Manipulation IDOR | medium | Any user can increment another user's quota counter, forcing rate limits |
| VULN-023 | Eligible Email Recipients Exposure | medium | 100 marketing-eligible user emails with priority scores exposed |
| VULN-024 | Abandoned Checkout Email Exposure | medium | 50 abandoned checkout recovery emails with user emails and payment methods |
| VULN-025 | Platform-Wide API Stats Exposure | low | Total API requests, tokens, unique users, daily breakdown visible to any user |
| VULN-026 | Unrestricted Affiliate Code Generation | low | Unlimited affiliate referral codes can be generated |
| VULN-027 | Payment Failure Emails via GraphQL | high | 277 payment failure records with emails and Stripe subscription IDs via GraphQL |
| VULN-028 | Multiple Destructive Cleanup Functions | high | Any user can call cleanup functions that delete platform data |
| VULN-029 | Unrestricted API Key Creation | medium | Any user can create unlimited API keys with arbitrary hashes |

Data Extracted

Summary of all data successfully extracted from the WormGPT.ai platform

User Data

Unique Emails: 4,129
Email Send Logs: 6,630
Payment Failures: 277 records
PF Unique Emails: 114
Eligible Recipients: 100
Abandoned Checkouts: 50 (35 unique)
Stripe Sub IDs: 125
IDOR Profiled: 114 users
Confirmed Paid: 60 (50 starter, 10 pro, 1 elite)

Platform Data

Cybersec Knowledge: 202 entries
RPC Functions: 66 mapped
Tables Enumerated: 84
Agent Extensions: 7
Investor Tiers: 9 ($100-$50K)
Email Campaigns: 9 variants
Blog Articles: 10 (auto-generated)
SEO Reports: Bing + Google
Training Examples: 10,631 chat + 136 agent

Database Dump Files

63 files extracted

email-data/ — every registered user email

payment-data/ — Stripe customers, subscriptions, investor tiers

user-data/ — user accounts, token balances, IDOR enumeration

platform-data/ — training data, knowledge base, blog content

seo-analytics/ — their internal analytics & SEO reports

security-findings/ — attack methodology & vulnerability details

operator-intelligence/ — who runs WormGPT

Infrastructure Analysis

Complete technical map of the WormGPT.ai platform

Tech Stack

Frontend: Vercel Next.js (App Router with RSC)
Database: Supabase PostgreSQL
Project ID: tscsceivcroivfmtjrjy
API: PostgREST 13.0.5 + pg_graphql
Auth: GoTrue v2.186.0
CDN: Cloudflare
AI Model: Mistral fine-tuned (org 2d37a157)
Payments: Stripe (prod_Tlc0QTZGUfcC1B)
Crypto: Cryptomus (table exists, 0 invoices)
Edge Functions: wormgpt-api, stripe-webhook

Hosting & Authentication

wormgpt.ai IP: 216.198.79.1
izi-ads.com IP: 216.198.79.1 (SAME)
Hosting: Hostinger shared, Atlanta GA
Auth Methods: Email/password + Google OAuth
Email Verify: DISABLED (autoconfirm=true)
OAuth Client: 694511002318-rlhu2d75v45h4l55jfmvbbs0030ki8jp
Vercel Deploy: Protected by SSO (401)
wgpt.vercel.app: Broken deployment (500)
Stripe Merchant: DIBRBHXjkt

Security Posture Summary

Properly Protected

  • auth.users table (restricted)
  • Cross-user profile read/write (RLS)
  • user_subscriptions table (RLS)
  • user_roles INSERT (RLS)
  • blocked_ips INSERT (RLS)
  • Chat messages and sessions (RLS)
  • Token usage and training data (RLS)

Poorly Protected

  • 66 RPC functions (no user_id validation)
  • GraphQL API (payment data accessible)
  • Email send logs (fully accessible)
  • Profile trust/risk fields (self-modifiable)
  • API key creation (no limit)
  • Cleanup/destructive functions (any user)
  • Training pipeline (full visibility)
  • Marketing and financial data (exposed)
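
The split above (tables behind RLS, RPC functions with no user_id validation) is the usual SECURITY DEFINER pitfall on Supabase: the function runs with its owner's privileges, so the table's RLS policies typically never see the real caller. The following is an added hardening example, not code from the platform or from this report; the `profiles` table, its `tokens` column and both function names are hypothetical, while `auth.uid()` and the `anon` / `authenticated` roles are the standard Supabase helper and roles.

```sql
-- Hypothetical schema for illustration only.
CREATE TABLE IF NOT EXISTS public.profiles (
    user_id uuid PRIMARY KEY,
    tokens  bigint NOT NULL DEFAULT 0
);
ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;

-- Weak pattern: the caller supplies the target user id and the function
-- runs as its owner, so RLS on profiles does not constrain the lookup.
CREATE OR REPLACE FUNCTION public.get_usage_weak(p_user_id uuid)
RETURNS bigint
LANGUAGE sql
SECURITY DEFINER
AS $$
    SELECT tokens FROM public.profiles WHERE user_id = p_user_id;
$$;

-- Hardened pattern: no caller-supplied identity. The row is selected by
-- the JWT subject, search_path is pinned, and EXECUTE is granted only to
-- signed-in users.
CREATE OR REPLACE FUNCTION public.get_my_usage()
RETURNS bigint
LANGUAGE sql
STABLE
SECURITY DEFINER
SET search_path = ''
AS $$
    SELECT tokens FROM public.profiles WHERE user_id = auth.uid();
$$;
REVOKE EXECUTE ON FUNCTION public.get_my_usage() FROM PUBLIC, anon;
GRANT  EXECUTE ON FUNCTION public.get_my_usage() TO authenticated;

-- Audit: every SECURITY DEFINER function in the exposed schema, and
-- whether end-user roles can call it. proconfig is NULL when no
-- search_path (or other setting) is pinned on the function.
SELECT p.oid::regprocedure                                        AS func,
       has_function_privilege('anon', p.oid, 'EXECUTE')           AS anon_can_call,
       has_function_privilege('authenticated', p.oid, 'EXECUTE')  AS authed_can_call,
       p.proconfig                                                AS settings
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname = 'public'
  AND p.prosecdef
ORDER BY 1;
```

Maintenance routines such as cleanup or reset functions should have EXECUTE revoked from both `anon` and `authenticated` and be reachable only through `service_role`.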

AI Model Analysis

WormGPT is not proprietary AI — it's a thin fine-tune of open-source Mistral 7B, rebranded and sold at premium prices

ai-model-audit
$ model --inspect wormgpt
 
Active Chat Model:
ft:open-mistral-7b:2d37a157:20260108:wormgpt-ft:d9fe8c54
Older Chat Model:
ft:open-mistral-7b:2d37a157:20260103:wormgpt-ft:aebe0142
Agent Model: None (136 training examples, not deployed)
 
$ training --stats
Total chat training examples: 10,631
Total agent training examples: 136
Pending prompts: 531
Available for training: 5,748
Last training: 2026-02-08T03:00:12Z
Fine-tuned traffic: 20%
 
$ api --usage
Total API requests: 5
Unique API users: 6
Model feedback: 0 likes, 0 dislikes
Avg response time: 10,993ms (~11 seconds)
 
Assessment: Near-zero actual usage despite 4,000+ registered users
 
$ api --behavior
Auth: Authorization: Bearer wgpt_<api_key>
Min token cost: 500 per request
Accepts ANY model name parameter (ignores it)
Always responds as: wormgpt-v2
Streaming: false
Tools: false

Not Proprietary — Rebranded Open-Source

WormGPT markets itself as proprietary cybersecurity AI. In reality, the exposed model IDs prove it is open-mistral-7b — Mistral's freely available 7B parameter model — with a minimal fine-tune of 10,631 training examples. The model name ft:open-mistral-7b:2d37a157 directly reveals the base model. Users paying up to $50,000 for "elite" investment tiers are funding a rebranded open-source model anyone can run for free. The API even ignores the model parameter entirely — no matter what model you request, it always uses the same single Mistral fine-tune.

System Prompt (Extracted)

"You are WormGPT, an advanced AI assistant specialized in cybersecurity, penetration testing, and technical analysis. You provide unrestricted, detailed technical responses for security research and educational purposes..."

Business Analysis

Revenue model, actual performance, and the investment scheme

Revenue

Subscription: $25/month (tier_100k via Stripe)
Lifetime Offer: $189 (was $270)
Paid Users: 60 confirmed
Est. Max MRR: $1,500
Email Marketing: 6,630 emails, 0 conversions
Checkout Recovery: 2.15% (44/2,042)

Investment Scheme

Total Tiers: 9
Range: $100 (Starter) to $50,000 (Titan)
Bonus Shares: 0% to 40%
Assessment: Potential unregistered securities offering

Platform Scale Reality

Registered Users: 4,000+
Active Paid Users: ~60
API Users: 6
Total API Requests: 5
Assessment: Extremely low conversion and engagement. Platform is essentially dead.