Posted by: PhishDestroy
Date: May 2026
Evidence Archive: https://phishdestroy.eth.limo/

TL;DR

An independent investigation containing 61 SHA-256 verified screenshots and a permanent IPFS archive alleges that ICANN-accredited registrar NameSilo (IANA #1479) has enabled large-scale cybercrime through years of inaction on abuse reports.

Key findings include:

• 81.5% of registered domains identified as dead or parked

• Alleged $50.8M in phantom revenue

• Alleged cover-up involving the xmrwallet.com case

• Abuse reports reportedly ignored for years

• Multiple documented examples of phishing infrastructure remaining online after reports

1. NameSilo Abuse - Systemic, Not Accidental

According to the investigation, the issue goes beyond isolated incidents.

The archive contains 61 exhibits claiming that Namesilo abuse reports submitted to abuse@namesilo.com were ignored despite proof of delivery and supporting evidence.

Examples cited include:

• Abuse complaints remaining unresolved for 30+ days

• Historical complaints dating back as far as 2018

• Victims reporting financial losses linked to domains registered through NameSilo

The report argues that these cases indicate a pattern rather than isolated mistakes.

Key Claims

• 81.5% of NameSilo domains are dead or parked

• $50.8M in alleged phantom revenue

• Public defense of the operator behind xmrwallet.com

• Failure to remove reported phishing infrastructure

2. NameSilo Phishing Domains

The report claims that Namesilo phishing domains appear frequently across several scam categories, including:

• Tax impersonation scams

• Cryptocurrency scams

• Fake e-commerce stores

• Wallet drainers and clone websites

Reasons cited include:

• PrivacyGuardian WHOIS protection

• Cryptocurrency payment options

• Limited domain suspensions after abuse reports

The investigation also references an ICANN complaint that was reportedly closed while the registrar remained contractually compliant.

3. NameSilo as a Bulletproof Registrar

The report argues that NameSilo operates similarly to what researchers describe as a "Namesilo bulletproof registrar."

Characteristics cited include:

• Minimal identity verification

• Continued service to repeat offenders

• Lack of action after abuse reports

• Protection of customer identities through privacy services

Additional allegations include:

• Removal of negative reviews

• Reputation management campaigns

• Actions against critics instead of reported phishing domains

4. Eight Years of Ignored Abuse Reports

Examples highlighted in the archive include:

• FTC complaint allegedly unanswered

• Historical reports from Reddit and BitcoinTalk users

• Security researchers allegedly penalized after reporting scams

• Reports from CERT teams receiving little or no response

The report concludes that abuse handling failures appear consistent over multiple years.

5. NameSilo Scam Report Highlights

The investigation's primary claims include that the Namesilo scam report:

• More than $100M allegedly stolen through xmrwallet.com

• 81.5% dead-domain rate

• $50.8M in alleged phantom revenue

• 61 SHA-256 verified screenshots

The archive states that all evidence has been preserved and permanently stored via IPFS.

6. How to Report Suspicious NameSilo Domains

The Report Namesilo domainst recommends escalating beyond standard registrar abuse channels.

Suggested options include:

1. File an ICANN DNS Abuse Complaint

2. Submit reports to FTC or FBI IC3

3. Report phishing URLs to Google Safe Browsing

4. Contact the hosting provider directly

5. Report incidents to APWG

The investigation also recommends preserving evidence through screenshots and cryptographic hashes.

7. Bulletproof Registrars and Registrar Fraud

The report identifies several Bulletproof registrars list that it claims follow similar patterns:

• NameSilo

• Webnic

• NiceNic

According to the investigation Domain registrar fraud, common characteristics include:

• Limited abuse enforcement

• Repeated scam-related registrations

• Reliance on weak regulatory oversight

The report argues that domain registrar abuse is not limited to offshore companies and can involve accredited registrars.

8. Phishing Infrastructure Takedown

When a registrar does not act, the report suggests that find Phishing infrastructure takedown:

Step 1

Escalate to the registry operator (such as Verisign for .com domains).

Step 2

Submit reports to law enforcement agencies.

Step 3

Raise awareness on cybersecurity communities and forums.

Step 4

Seek legal advice where appropriate.

The report notes that public pressure can sometimes contribute to domain seizures and enforcement actions.

Final Call to Action

Evidence Archive:
https://phishdestroy.eth.limo/

Review the archived exhibits, examine the evidence, and conduct your own assessment.

If you encounter phishing or fraudulent infrastructure, document the evidence, report it through appropriate channels, and share relevant information with the cybersecurity community.

Discussion and feedback are welcome.