MalwareTips
SUSPICIOUS

Warning signs detected

Legitimate AI coding agent with 1M+ users, but multiple complaints about deceptive billing and unauthorized auto-charges on independent review sites. Several risk indicators suggest caution. This site might be legitimate — but treat it as unverified until you can independently confirm.

0
Trust score
SUSPICIOUS
Heuristics 73·MT 42
Category tags
ai toolsdeveloper toolssaas#Subscription Trap72% MT confidence
Technical red flags (2)
Impersonates PayPalCrypto-Only Checkout

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
0/92
All engines report clean
Domain Age
8 years old
Registered Dec 15, 2017
MT Intelligence
Suspicious
Moderate likelihood · 72% confidence

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Moderate scam likelihoodengineMT · Guardiantrust42/100
MT AgentLive web researchVisual inspection
0%
Confidence
Kilo operates as a genuine open-source AI coding platform backed by an active GitHub repository, a San Francisco-based company (Kilo Code Inc., founded 2025), and substantial developer adoption through the VS Code marketplace. The domain is 8.5 years old, SSL is valid, and our antivirus network reports no malicious flags. However, independent review aggregators show a pattern of billing complaints: independent review aggregator reports unauthorized auto-renewals and difficulty removing payment methods, while Reddit users describe deceptive promotions where credits were given expiration dates retroactively. These are not phishing or malware indicators, but rather operational practices that harm user trust. The scanner flagged a false-positive 'PayPal impersonation' and 'Crypto-Only Checkout' — the site legitimately uses Stripe and Coinbase (crypto as an option, not the only method). The mixed signal is the gap between strong product legitimacy and documented billing-practice complaints.
Full dossier
Analysis complete

Page Content

The site presents as a professional SaaS platform for AI-assisted coding. It advertises 500+ model access, integrations with VS Code, JetBrains, CLI, and cloud deployment. The page loads properly with valid SSL, legitimate external resources (GitHub, Google Tag Manager, Open VSX), and no malware or phishing payloads detected.

Infrastructure

Domain registered 3,096 days ago (~8.5 years) via NameCheap with privacy protection enabled. Hosting IP 216.150.1.1 has an abuse score of 0/100 and 14 historical abuse reports (typical for shared hosting). SSL certificate valid (Let's Encrypt, 57 days to expiry). No redirects or homoglyph tricks detected.

Domain History

The domain kilo.ai is established and long-lived. The product itself (Kilo Code as an open-source AI agent) launched around 2025 as a fork or successor to similar tools. Company registration confirmed: Kilo Code Inc., San Francisco, CA, founded 2025, active status, 11–50 employees.

Web Reputation

Our antivirus network: 0/92 engines flagged as malicious. Browser blocklists: clean. GitHub repository (kilo-org/kilocode) shows active development, Apache 2.0 license, and high community engagement. VS Code extension has 1.1M+ installs with 191 reviews (positive marketplace presence). Independent review aggregators show mixed sentiment: independent review aggregator (kilocode.ai) averages 2.7/5 stars with specific complaints about unauthorized auto-renewals, predatory billing, and card-removal friction. Reddit discussions confirm billing disputes and retroactively-added credit expiration dates, though coding capability is praised.

Risk Factors
5
  • Multiple independent reviews report unauthorized auto-renewal charges and difficulty removing payment methods from the platform.
  • independent review aggregator shows 2.7/5 average rating with specific complaints about predatory billing practices and retroactively-added credit expiration dates.
  • Reddit users describe deceptive promotions where free-credit offers were later restricted with expiration dates not disclosed upfront.
  • Hosting IP has 14 historical abuse reports, though current abuse score is 0/100.
  • No direct contact email on the website; support appears to route through external channels only.
Positive Signals
5
  • Domain is 8.5 years old with consistent registration history and no suspicious transfers.
  • VS Code extension has 1.1M+ installs with active marketplace presence and positive developer feedback on coding capabilities.
  • Active GitHub repository (kilo-org/kilocode) with Apache 2.0 license, regular commits, and transparent open-source development.
  • Company registration confirmed in San Francisco with named founders and active business status.
  • Zero malware or phishing detections from our antivirus network and browser blocklists.
AI Recommendation
Kilo appears to be a legitimate open-source AI coding platform with strong developer adoption, but billing practices are a documented concern. If you use the free tier, monitor your account for unexpected charges and verify any subscription terms before entering payment details. If you encounter unauthorized charges, contact support immediately and dispute through your payment provider.
Next-gen fraud intelligence
Evidence-backedCross-checked

Website Preview

Screenshot of kilo.ai
LIVE RENDER
kilo.ai
1Impersonates PayPal

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for kilo.ai, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
8.5 yrs
Registered Dec 2017
Business registration
Active · United States
Site traces back to an actively registered business.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
2 scam reports · 3 complaints · 3 positive
Key findings
7 headline facts from open-web research
  • Domain kilo.ai is 3096 days old (~8.5 years). Product launched ~2025 as open-source AI coding agent (fork of Roo Code or similar).
  • Active GitHub org (Kilo-Org/kilocode) with Apache 2.0 license, high activity, VS Code extension with 1.1M+ installs and positive marketplace presence.
  • Company: Kilo Code Inc., San Francisco-based (11-50 employees per LinkedIn), founded 2025 by Sid Sijbrandi and Scott Breitenother. Offices in US/Europe.
  • Pricing: Free open-source core; pay-as-you-go for AI inference at provider rates (zero markup), optional subscriptions like Kilo Pass. Uses Stripe and Coinbase for payments (crypto supported).
  • Trustpilot for kilocode.ai shows mixed reviews (2.7/5 from 14 reviews) with specific complaints about unauthorized auto-renewals, predatory billing, and difficulty removing cards.
  • Reddit contains both praise for coding capabilities and complaints about billing practices, deceptive promotions (e.g., expiring credits added retroactively), and high holds for payment verification.
  • No malware, phishing, or major scam reports found beyond billing disputes. Positioned as legitimate open-source alternative to tools like Cursor; covered positively in tech blogs.
Scam reports (2)
Direct quotes from public scam databases, forums, and news.
  • Trustpilot (kilocode.ai)open

    "Subscription Trap: Unauthorized Auto-Charge and Blocks Card Removal. Warning to all users: I tested Kilo Code and paid for credits, but the platform has a predatory billing system. ... Unauthorized Auto-Renewal: I was automatically charged "

  • Reddit (r/kilocode)open

    "Lost all trust in Kilo Code after their deceptive promotion... Kilo Code lured users in with a "top up $5, get $25 free" offer, only to retroactively add a 20-day expiration date a week later."

Positive reviews (3)
Quotes indicating the site is legitimate.
  • VS Code Marketplaceopen

    "Open Source AI coding agent that generates code from natural language, automates tasks, and runs terminal commands. ... 1,178,987 installs (191 reviews)"

  • Trustpilot (kilocode.ai)open

    "As a senior dev who's tried plenty of AI coding setups, Kilo (Kilocode) stands out for keeping things practical and open. ... worth a try at kilo.ai"

  • GitHub / OpenRouter / Articlesopen

    "Kilo is the all-in-one agentic engineering platform. Build, ship, and iterate faster with the most popular open source coding agent. 3M+ Kilo Coders. 40T+ tokens processed."

Business registration
Status: active · United States

Kilo Code Inc., founded 2025, headquartered in San Francisco, CA (455 Market St). Remote-first with offices in Amsterdam. Terms reference Kilo Code Inc.

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Independent review aggregators report billing-practice complaints on independent review aggregator (2.7/5 average, 14 reviews) and Reddit. Specific issues: unauthorized auto-renewal charges, difficulty removing payment methods, and deceptive promotions where free-credit offers were later restricted with expiration dates. However, the same sources praise Kilo's coding capabilities and open-source transparency. No phishing, malware, or credential-harvesting reports found. GitHub repository and VS Code marketplace show strong legitimate developer adoption (1.1M+ installs). Company registration confirmed as active in San Francisco. The pattern suggests operational billing practices that harm user trust, not a scam operation.

Antivirus Engines

Clean pass · verified
Clean across 92 engines

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. None of them flagged this URL in the last scan.

0Malicious0Suspicious59Harmless92Engines
Clean
Kaspersky
Clean
Bitdefender
Clean
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Clean
Fortinet
Clean
Google Safebrowsing
Clean
Emsisoft
Clean

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Sandbox Render
Sandbox capture incomplete — no traffic recorded
Requests made0
Unique IPs0
Countries0
Detected brandsNone

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbers92.5925926
Postal addressPresent
Linked social profiles1
Signal Summary
Contact details look reasonable
  • No contact email found anywhere on the page.
  • Page impersonates PayPal on a non-official domain.
  • Scam family match: Crypto-Only Checkout.
  • Phone number listed (92.5925926).
  • Postal address visible on the page.
  • Links to 2 social profiles.

Domain & Encryption

Domain History
Age8 years old
RegistrarNameCheap, Inc.
RegisteredDec 15, 2017
ExpiresMay 14, 2028
Owner privacyHidden
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerLet's Encrypt · R12
ExpiresAug 4, 2026 (57d)
Self-signedNo
Hosting & Technology
HostingVercel, Inc
Server locationUS
Web serverVercel
PopularityTop 100k worldwide

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
No
  • 1308http://kilo.ai/
  • 2200https://kilo.ai/

Server Reputation

Hosting
CountryUnknown
NetworkUnknown
IP addressUnknown
Abuse Intelligence
Confidence score0%
Reports on file14
ISPVercel, Inc
Usage typeContent Delivery Network

Scam-Type Likelihood

3 scam-type patterns detected
Scam-Type Likelihood

3 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Fake Shop
Fake Shop
Low-level signals
23/100
  • Crypto-only checkout — no card / bank payment option.
  • Multiple contact / trust-signal red flags on the page.
Subscription Trap
Low-level signals
15/100
  • AI analyst tagged this as a subscription trap.
Brand Impersonation
Low-level signals
15/100
  • Page mentions PayPal (non-official domain).

Fake-shop warning signs

Signals common to non-delivery scam shops were detected on this site.

  • Treat kilo.ai as unverified

    Do not enter credentials or send money until you have independently verified the business.

  • If you already paid by card or PayPal — start a chargeback

    Contact your bank or card issuer and dispute the charge as "goods not received" or "merchant fraud." PayPal users can open a case in the Resolution Centre. Act within 120 days for card chargebacks in most jurisdictions.

  • Save every piece of evidence

    Screenshots of the checkout, order confirmation emails, any chat transcripts, and the product listing page. Chargeback and fraud reports go faster when you have receipts.

  • Report the shop

    Report to the FTC (reportfraud.ftc.gov), Action Fraud UK, or your local consumer-protection body. Post the URL on the MalwareTips scam forum so other buyers can find it.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

googletagmanager.comgithub.comopen-vsx.orgffpamnmfcbtxqeop.public.blob.vercel-storage.com

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review marked kilo.ai as suspicious. Several warning signs were detected; it may still turn out legitimate, but you should verify it through independent channels before trusting it with money or credentials.
  • kilo.ai currently scores 55/100 on our trust scale. We found enough warning signals to recommend caution. Verify the site through independent channels before entering credentials or money.
  • Yes. kilo.ai presents a valid TLSv1.3 certificate issued by Let's Encrypt · R12, expiring in 57 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • kilo.ai is 8.5 years old, registered on 12/15/2017 through NameCheap, Inc.. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • No. All 92 antivirus engines in our malware network report kilo.ai as clean.
  • No. kilo.ai is not currently listed on the major browser blocklist feeds that modern browsers use.
  • kilo.ai resolves to an IP operated by Vercel, Inc in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • Yes. kilo.ai sits in the global top-100k on Cloudflare Radar, which means it has substantial real-world traffic. That does not automatically make it safe, but established brands almost always rank here and throwaway scam domains almost never do.

Final Verdict

0
Trust / 100
Final Verdict·kilo.ai
SUSPICIOUS

Kilo is a legitimate open-source AI coding agent with strong developer adoption (1M+ VS Code installs), but independent reviews report unauthorized auto-renewals, predatory billing practices, and retroactively-added credit expiration dates. The core product appears genuine, but billing practices raise significant concerns.

Kilo appears to be a legitimate open-source AI coding platform with strong developer adoption, but billing practices are a documented concern. If you use the free tier, monitor your account for unexpected charges and verify any subscription terms before entering payment details. If you encounter unauthorized charges, contact support immediately and dispute through your payment provider.

AV engines
92
MT passes
2
Net signals
1
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Suspicious reports

Browse all reports
Suspicioustrust64
asfaleia-zois.gr
7m ago
Read the review
Suspicioustrust57
aldealio.com
7m ago
Read the review
Suspicioustrust51
uu-download.dx5mzt.com
9m ago
Read the review
Suspicioustrust57
go-to-holidays.com
11m ago
Read the review
Suspicioustrust69
modum-house.com
11m ago
Read the review
Suspicioustrust50
panditprogrammer.com
13m ago
Read the review
Suspicioustrust59
desihub.org
16m ago
Read the review
Suspicioustrust45
prenedurs.co.in
20m ago
Read the review
Suspicioustrust56
running247.info
1h ago
Read the review
Suspicioustrust61
dr-does-chemistry-quiz.latestmodapks.com
1h ago
Read the review
Suspicioustrust57
tryeverwellhealth.com
1h ago
Read the review
Suspicioustrust61
endlockdowns.org
1h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.