This 3,600-word deep dive into the economics and infrastructure of the horrible AI nudifier industry is a joint effort with Santiago Lakatos, an investigative researcher who is the lead author on this piece.
Finalizing this story took days of work and got Indicator threatened with a lawsuit in the UAE. In my experience as a former Googler, it is the type of analysis that platforms commission from their teams or external experts. We are publishing it on Indicator thanks to our members.
— Alexios
Over the past two years, websites that use AI to turn any photo into a nude have been targeted by platform moderation, legal action, and regulation. While some AI nudifiers have been shut down, the ecosystem as a whole had adapted and proven remarkably resilient.
Just last week, a Save the Children survey of young people in Spain found that one in five respondents claim to have been targeted by a deepfake nude while still a minor. Statistics from the UK and the US show these toxic tools have a similar reach in those countries. Even a small fraction of these numbers would amount to hundreds of thousands of teenagers being “nudified” against their consent around the world.
We manually reviewed 85 websites1 that sell this type of image-based sexual abuse as a service to understand their business model, infrastructure, and marketing strategies. We also extracted data about them through several third-party platforms.
We used this information to produce a comprehensive analysis of the reach of the web-based AI nudifier ecosystem and what we believe to be the first estimate of their overall turnover.
In doing so, we also found that these noxious websites continue to benefit from access to mainstream infrastructure providers. Source code inspection suggests that Amazon and Cloudflare provide hosting or content delivery services for 62 of the 85 nudifiers in our sample. Google enabled simple sign-on for 53 out of 85. Either directly or through an intermediary called Luxury Fintech, some of these websites also leverage Coinbase, PayPal, Mercuryo, and Telegram to accept credit card payments from their customers.
We build on foundational research by Henry Ajder and others, excellent prior reporting by 404 Media, Bellingcat, Der Spiegel, The Guardian and Wired, as well as Indicator’s own work to sound yet again the alarm about this malignant outgrowth of the generative AI revolution.
A multi-million dollar business
Our review of outgoing traffic suggests the industry is worth millions
Nudifier websites typically earn revenue by making users pay for the material they want turned into a deepfake nude. The websites charge by the photo, sell credits that can be used for a certain number of transformations, or offer subscriptions.
To approximate their revenue, we used Similarweb2 to quantify outgoing web traffic data that we could attribute to payment processors such as LuxFin, Mercuryo, Overpay, PayPal, Telegram3, and Wireupay. (We were able to do this for 18 out of the 85 websites in our sample). We then assumed that 70% of these visits to a payment processor did not convert into a purchase, borrowing industry estimates of cart abandonment developed by the user research agency Baymard Institute. For the 18 sites assessed, we took the lowest possible cost of the nudifying service and the highest. We multiplied the traffic, abandonment rate, and costs together to get a lower and higher band estimate of their collective revenue.
With this formula, we estimate that 18 AI nudifier websites made between 2.6 and 18.4 million dollars over the six months to May 2025.

Our analysis is roughly consistent with a whistleblower’s report to Der Spiegel that ClothOff has a budget of 3 million euros. We don’t have payment processor data for ClothOff; however, we estimate that similar-sized websites in our sample are making several million dollars a year, giving our calculations a measure of external corroboration.
Additionally, promotional statistics published by another nudifier in our sample claim that by July 2024 that website had earned at least $6.5 million in revenue solely from users acquired through affiliate partners, which represent a fraction of all paying users. This figure needs to be taken with caution given that it originates from the marketing department of a company enabling AI abuse. But reporting by Bellingcat unearthed receipts showing that even a much smaller nudifier may have earned at least $45,000 in revenue over a seven-month period.
We also note that it’s likely that our estimate undercounts overall revenue for the ecosystem because we weren’t able to identify any payment processors in Similarweb for some of the largest websites in our sample. Additionally, web traffic data does not include all the payment options listed on the websites and some AI nudifiers offer payment via third party dealers or linked accounts on Telegram.
Even our relatively conservative estimate suggests the overall nudifier ecosystem may be worth up to $36 million a year. How this ecosystem of abuse reaches its audience is the subject of the rest of the report.
The persistent reach but shifting origins of traffic to AI nudifiers
AI nudifiers benefit from more direct traffic and extensive referral schemes
In December 2023, Santiago wrote a report on the AI nudifier industry for Graphika that found that a group of 34 AI nudifier websites attracted 24 million monthly unique visitors. While the websites in question have shifted, the sector is still reaching a comparable amount of users today. The 85 sites in our current sample received 18.6 million unique visitors on average each month up to May 20254. That adds up to nearly a quarter of a billion visits a year and is certainly a significant undercount of the total reach because it doesn’t include a long tail of smaller websites, nor does it count users accessing AI nudifiers through APIs, mobile apps, and Telegram bots.
Nearly two-thirds of the customers of the 85 AI nudifiers Indicator identified visited the top 10 most visited sites.

Nudifiers have a global footprint. The United States is the primary overall source of visits to the ten most visited nudifiers in our sample, with 15.8% of traffic. But other websites attracted a plurality of visitors from Brazil, India, and France. Dozens of other countries make up smaller percentages of traffic, comprising the overall majority of unique visitors to AI nudifiers. This follows efforts by AI nudifiers to translate their websites into dozens of languages and offer globally accessible payment options.

Traffic to the top 10 AI nudifiers by geography (Indicator analysis on Similarweb data)
While traffic patterns vary by site, the 10 largest nudifiers now get just over half of their incoming traffic from direct visits, i.e. users typing directly the URL of the website, according to Similarweb. This is a worrying pattern that suggests AI nudifier websites have established a brand awareness that could make it difficult to limit their footprint by targeting their marketing efforts on social media. One caveat is that Similarweb may label some traffic as “direct” when it’s unable to fully attribute its source, but even if we assume that some of the direct traffic has been mislabeled, nudifiers have an alarmingly high proportion of such visitors.

Traffic to the top 10 AI nudifiers by acquisition source (Indicator analysis on Similarweb data)
While social media is a small source of traffic for the big players, it can play a disproportionate role in user acquisition for websites that are newer or less well-known. For instance, xjoy[.]ai, which Alexios has found to be advertising on Meta in the past, got about 26% of its traffic from social media (primarily Instagram) in the six-month period covered by our analysis.
Additionally, while it varies by site, a significant share of traffic to the top 10 AI nudifiers originates from search engines. A lot of this is likely navigational, with users typing the name of the website they are seeking and clicking through to it on Google Search. Still, we found that 30 out of 35 search terms that drove traffic to the top sites in our sample returned either a nudifier or a positive review of a nudifier in the top 10 links of Google Search. This included obvious terms like “deepnude ai” and “ai clothes remover”. This was particularly true for queries in Russian.

Websites that review AI nudifiers are a significant chunk of traffic to the ecosystem. We identified that 16.4% of visits to the top 10 websites in our sample originate from referrals, especially from adult sites.
Many of the top AI nudifiers employ affiliate programs to generate traffic and sales. They include revenue shares, platforms for affiliates to monitor traffic and earnings, dedicated partner managers, and weekly payouts in USDT, a popular dollar-based stablecoin.

A screenshot of the affiliate promotional page for an AI nudifier
These paid affiliate programs may explain the hefty traffic from referral links.
Undress CC, the most visited AI nudifier in our sample, receives approximately 1.1 million of its 2.8 million monthly unique visitors from referral links. It also offers a 40% revenue share and claims its affiliates have made more than $2.6 million. The website even has an Instagram account dedicated to its affiliate program aimed at recruiting adult performers and content creators. (We informed Meta about this account, which the company subsequently deleted.) This trend was first reported by 404 Media’s Emanuel Maiberg and persists to this day with instructional videos on Pornhub.

Outlinks on high-traffic pornographic listing sites have driven millions of visitors to AI nudifiers. One site in particular stands out: ThePornDude, one of the top 50 adult websites by worldwide traffic and the top referral source for five out of ten of the top nudifiers in our sample. ThePornDude drove more than 8 million visits over a six-month period and potentially generated significant affiliate marketing revenue. Since mid-January 2025, it has prominently featured links to AI nudifiers at the top of its homepage in a box reviewing 69 different nudifiers. ThePornDude appeared in the top 10 links for 5 out of the 35 search queries we reviewed on Google.
Geoffrey Celen, founder and administrator of ThePornDude, told Indicator that the site’s disclaimers “explicitly state that using these tools on minors is illegal and constitutes a serious violation of child protection laws. We strongly condemn non-consensual content and do not tolerate misuse in any form.”
Celen added that “as a third-party platform, we review what’s publicly visible. If a site’s policies or features materially affect user safety or legality, we reassess. While we strongly condemn any non-consensual or illegal use, our role is limited to documenting publicly accessible features.”

Overall interest in AI nudifiers – and the economic lure of their affiliate programs – has led to a boom in related spamdexing, i.e. the creation of low-quality websites optimized for search engines featuring rote reviews of various nudifiers.

This effort to push links to AI nudifiers to the top of search engine results even extends to a spammy website about the EU’s General Data Protection Regulation, which includes a wide range of articles about AI nudifiers. Similarweb data shows this site has generated hundreds of thousands of outbound visits to AI nudifiers.

Additionally, AI nudifiers and their affiliates continue to insert links to their sites on popular websites that tend to rank well on Google. This includes sites like GitHub, Hugging Face, Medium, Replicate, and even Spotify.
Sometimes this pays off: Between December 2024 and May 2025, Hugging Face was the second largest source of referral traffic for undress[.]app, driving 325,900 visits to the site. It also sent 141,300 visits to undressai[.]tools.
In 14 of 35 frequent search queries leading to AI nudifiers, Google Search returned a review website or hijacked link in the top 10 links.
A Google spokesperson told Indicator that “while search engines allow people to access sites that are available on the web, we’ve launched and continue to develop ranking protections that limit the visibility of harmful, non-consensual explicit content, by promoting high-quality information, when available.”
A continued reliance on mainstream platforms for core infrastructure
Amazon, Cloudflare, Google, and Telegram provide a range of services to AI nudifiers
AI nudifiers continue to use mainstream tech infrastructure. This includes cloud services, DDoS protection, credit card and crypto payment processors, single sign-on widgets, search engine optimization tools, domain registrars, and content delivery networks. Tech companies that have publicly backed measures against deepfake nudes continue to provide services to tools that have commodified this type of sexual abuse.
As Santiago first reported for Graphika in 2023, AI nudifiers extensively employ single sign-on (SSO) buttons from mainstream companies to make registration easier. SSOs help AI nudifiers make creation of non-consensual synthetic nude imagery convenient and frictionless.
We found that 53 out of the websites in our sample offer registration and login through Google’s SSO. For some, logging in through Google is the only way to access the nudifying service.

Following reporting by Wired in August 2024 that led to the removal of some accounts, we observed that many top AI nudifiers slightly shifted techniques to avoid detection by Google. They use a “cut-out” website like greekyougurt[.]cfd as an intermediary site to pose as a different URL for the registration.

This includes repeated uses of Firebase URLs, another Google web development platform. We also still observed several developer accounts for top AI nudifiers linking directly to their known URL rather than employing a cut-out, suggesting a lapse in enforcement.

A Google spokesperson told us on Friday that “to use Sign in with Google, developers must agree to our Terms of Service, which prohibit illegal content as well as content which harasses others. Some of these sites violate our terms and our teams are taking action to address these violations, as well as working on longer term solutions.”
As of Saturday, Google SSO was no longer authorized on 23 of the 53 websites we’d identified, though it was still active on websites that have long been identified as central to this ecosystem like Undress[.]cc, Clothoff[.]net and Clothoff[.]info.

AI nudifiers continue to use payment platforms as if they were just a regular business. This includes normal credit card processors and mobile wallets such as Pix, UPI, WeChat, and AliPay. More recently, they expanded to allow payments by credit and debit cards through cryptocurrency payment processors such as Mercuryo or via a range of intermediaries.
One of the main ways customers can use their credit and debit cards to pay for deepfake nudes is through Telegram Stars. The program, launched in June 2024, lets users buy “Stars” through Apple Pay and Google Pay. Businesses can convert Stars into $TON, a cryptocurrency developed by Telegram. While Telegram’s website touts this payment mechanism as compliant with Apple and Google policies, they are the primary credit card processing option used by three of the top 10 AI nudifiers. Telegram Stars may have already been used for millions of dollars of payments to AI nudifiers.

Screenshot showing the process of purchasing credits on an AI nudifiers using Apple Pay to purchase Telegram “Stars”
Other sites used passthrough websites to facilitate payments via credit cards and mainstream payment systems. Various nudifiers appear to use a service called Luxury Fintech or LuxFin. LuxFin enables customers to use their credit or debit cards to pay nudifiers through PYUSD, PayPal’s stablecoin available on Venmo and PayPal. People can also use LuxFin to make PayPal payments, and use Apple Pay to instantaneously make payments through Coinbase’s Onramp system.

Screenshots showing how AI nudifiers use pass-through payment providers, in this case LuxFin, to allow customers to use credit cards to pay AI nudifiers.
Web traffic data indicates that a majority of luxfin[.]org’s traffic in the six months to May 2025 are from nudifiers. When Alexios reached out to Luxury Fintech for comment, an unnamed representative told us that “CSAM is a serious global problem, and I would never allow any of my products to be used in any context connected to such abhorrent activity. I am happy to assist you in this matter in any way I can, please let me know how.”
The company representative also told Alexios to “be extremely careful when mentioning my company in your articles. Defamation is a crime in the UAE, and I will ensure that you are prosecuted for any defamatory statements should you ever set foot here.”
After Alexios shared the Similarweb data and asked to see any Google Analytics data that might contradict it, the representative doubled down on their threats, writing that the data “is completely inaccurate and highly misleading. If you publish anything about my project that damages its reputation, I will pursue defamation charges against you and Craig in the UAE.” The representative did not share any evidence disproving the outgoing traffic from Similarweb.
In the video below, you can see the payment flow for nudify[.]online that redirects payment options like PayPal and Venmo through luxfin[.]org.
Finally, using BuiltWith5, we find that mainstream platforms are the predominant providers of hosting, content delivery, and domain registration services for the nudifiers in our sample.
The companies providing hosting and CDN services to the AI nudifiers may well be the path to radically restricting their reach at this stage. Cloudflare has in the past cut off service to Nazis and serial harassers. MrDeepFakes, the largest distributor of deepfake nudes in the world, went offline earlier this year because its CDN providers appears to have pulled the plug on the website.
Cloudflare provides at least one form of service to 62 of 85 sites in our sample. Amazon is also frequently represented, with 20 websites using it for hosting or content delivery. Other mainstream providers like GoDaddy, Namecheap and Vercel also appear in the BuiltWith data.
An Amazon spokesperson told us that “AWS has clear terms that require our customers to use our services in compliance with applicable laws. When we receive reports of potential violations of our terms, we act quickly to review and take steps to disable prohibited content. If anyone suspects that AWS resources are being used for abusive activity, they can report it to AWS Trust & Safety using the report abuse form.” (This form requires reporters to have an AWS account, which we chose not to sign up for.)
Cloudflare did not respond to our request for comment.
We also found that 9 websites use WordPress for their CMS. In an emailed statement, Mary Hubbard, Executive Director of the WordPress Project, told us that “WordPress.org and the broader WordPress open source project do not host content. However, if a site using the WordPress software violates the law or engages in non-consensual or abusive behavior, such as providing tools that enable image-based sexual abuse, we believe it should be reported to the appropriate hosting provider and legal authorities.”
Hubbard added that “as open source software, WordPress is available to anyone, much like Linux or a web browser. However, we are committed to working with others across the ecosystem to reduce the spread and impact of harmful tools such as AI nudifiers.”
We shared our leads with Wordpress owner Automattic and were told their Trust & Safety team would investigate whether any of the sites use any services that the company does control.
Urgent action is still necessary
To date, the fight against AI nudifiers has been a game of whack-a-mole. Despite extensive reporting on the harms caused by AI nudifiers that has led to the passage of the (flawed) Take It Down Act and an ongoing high-profile lawsuit against AI nudifiers by the San Francisco City Attorney’s office, new nudifiers continue to sprout up. The ecosystem as a whole remains resilient and profitable.
Our analysis indicates that nudifiers are persistent and malicious adversaries. Tech platforms and law enforcement should treat them as such.
A key step that tech companies can take to address AI nudifiers is to approach them like websites that facilitate child sexual abuse material (CSAM). There is a growing body of evidence that children are targeted by AI nudifiers at significant rates, including a Thorn survey that found 6% of American teens claim to have been targeted by deepfake nudes. A 2024 report by the Internet Watch Foundation identified a “pedophile guide” developed by abusers online that encouraged predators to use nudifying tools to generate material with which to blackmail children.
Meta took a belated step in this direction with its recent announcement that it would share information on nudifiers through the Tech Coalition’s Lantern program, a cross-platform signal sharing program targeted at combatting online child sexual exploitation and abuse.
Platforms up and down the moderation stack need to step up their game against AI nudifiers if there is any hope to make more than partial progress in the battle against non consensual deepfake nudes.
Indicator members can access our data here: NCII Site Master List (Indicator July 2025)
1 Note that 7 of those websites were not online when we started our investigation now no longer online.
2 Similarweb is one of the largest web analytics platforms available. It’s been around 16 years and reportedly has 10,000 customers. While its data should be treated as an approximation of the precise figures, it was found in 2022 to most closely match Google Analytics data reported by the webmasters themselves.
3 Telegram, as we detail later in this piece, serves as a credit card payment processor for AI nudifiers and as such, we associate outbound traffic to Telegram as outbound traffic to a payment provider. While there may be false positives in this total that were outbound visits to Telegram itself, we are confident that with reductions from cart abandonment rates and the design of the websites measured, we are well within the margin error.
4 Unless otherwise stated, all traffic data is from Similarweb.
5 BuiltWith creates free profiles of websites by picking up any signatures of analytics tools, content management and delivery systems, servers, etc that are visible in a site’s source code. You could see most of the same stuff by hitting “inspect” on the specific website. Craig has written about using BuiltWith to connect websites together here.



