ICANN accredited registrar seals stamped NEGLIGENT — enablers accountability poster.

Live feed / archive shell

The feed is live enough for an archive

Fresh cases belong to the upstream operator. This mirror only preserves the stream, strips the self-congratulation, and leaves a clean read-only view behind.

Live intake mirrorRead-only copyWrapped outbound

Open source gate Briefings desk Registrar ledger

File /live·Source voice preserved·Brand labels redacted

Live

[REDACTED]00:35[REDACTED]00:33[REDACTED]00:25[REDACTED]00:22kreditti.mx00:17[REDACTED]00:15[REDACTED]00:12[REDACTED]22:38[REDACTED]22:38[REDACTED]22:38[REDACTED]-my.[REDACTED]22:38[REDACTED]22:38[REDACTED]21:55[REDACTED]21:24[REDACTED]20:44[REDACTED]20:41[REDACTED]20:34rewards-jup.pw20:34[REDACTED]20:34[REDACTED]20:34[REDACTED]00:35[REDACTED]00:33[REDACTED]00:25[REDACTED]00:22kreditti.mx00:17[REDACTED]00:15[REDACTED]00:12[REDACTED]22:38[REDACTED]22:38[REDACTED]22:38[REDACTED]-my.[REDACTED]22:38[REDACTED]22:38[REDACTED]21:55[REDACTED]21:24[REDACTED]20:44[REDACTED]20:41[REDACTED]20:34rewards-jup.pw20:34[REDACTED]20:34[REDACTED]20:34

█ Daily threat activity

Last 30 days, by detection volume.

peak: 01 Jun · 952 detections

Today Daily count

07 May · 0

08 May · 175

09 May · 155

10 May · 32

11 May · 227

12 May · 177

13 May · 143

14 May · 150

15 May · 319

16 May · 133

17 May · 171

18 May · 181

19 May · 251

20 May · 206

21 May · 228

22 May · 80

23 May · 130

24 May · 205

25 May · 124

26 May · 0

27 May · 58

28 May · 359

29 May · 354

30 May · 640

31 May · 248

01 Jun · 952

02 Jun · 398

03 Jun · 229

04 Jun · 7

05 Jun · 0

May 07 May 14 May 21 May 28 Jun 05

Daily average 211

Peak (01 Jun) 952

7-day momentum ↑ 101%

Total / 30d 6,711

01 / Featured exposés · this week

Why the registrars bury our reports.

all investigations · /news →

Retaliation 15 Apr 2026

Investigation · IANA #1479

IANA #1479 killed our Twitter because we told the truth about them.

Two THE ENABLERS REGISTRY X accounts locked under three shifting justifications. Two weeks earlier we documented IANA #1479 sheltering a $20M+ Monero-theft operation now under EU criminal investigation.

9 min · ResearchRead exposé →

Registrar 14 Apr 2026

Investigation · IANA #3736 (IANA #4318)

IANA #3736.com: "bulletproof" registrar with €120 in declared revenue.

An ICANN-accredited registrar that calls itself bulletproof in its own DNS TXT record. Estonian shell, €120 revenue, one employee, Belarusian owners — and a week of fresh fake-Elon casino domains.

14 min · ResearchRead exposé →

Negligence 11 Apr 2026

Investigation · IANA #3858

IANA #3765: 5,000+ abuse reports, zero takedowns, one excuse.

Top abused registrar in our dataset. 1,865 alive 7+ days after first report, 156 of those re-reported. The "we forwarded your complaint to the registrant" auto-reply is the entire abuse-process.

12 min · ResearchRead exposé →

$20M+ Heist 02 Apr 2026

Investigation · [REDACTED] · Monero drainer

10 years, $20M+ stolen, IANA #1479 never took it down.

Decade-old Monero possibly phishing operation traced from view-key theft to wallet exfiltration. Now under active EU criminal investigation — registrar still hosting derivative domains.

22 min · InvestigationRead exposé →

Pattern 28 Mar 2026

Pattern report · 12 registrars

The registrar abuse response failure — a system, not a glitch.

Cross-registrar pattern of delays, deflection and victim-blaming. Same template responses, same 7-day-plus survival rates, same registrants. "Forwarded to registrant" = the gravestone of every abuse complaint.

18 min · PatternRead pattern →

02 / Append log · destroylist

The blacklist scrolls whether you watch or not.

live tail · destroylist/main
updated every <30s · UTC

~/destroylist main $ tail -f list.json UTC 22:50:50 LIVE

$ # Append-only feed. Each row = one new domain entering the blacklist.
$ wc -l list.json
119,230 domains tracked · 0 appended in last 24h

[2026-06-04 00:35:56] + [REDACTED] .info

[2026-06-04 00:33:24] + [REDACTED] .com

[2026-06-04 00:25:50] + [REDACTED] .com

[2026-06-04 00:22:18] + [REDACTED] .com

[2026-06-04 00:17:45] + kreditti.mx .mx

[2026-06-04 00:15:14] + [REDACTED] .com

[2026-06-04 00:12:42] + [REDACTED] .com

[2026-06-03 22:38:19] + [REDACTED] .com

[2026-06-03 22:38:19] + [REDACTED]-my.[REDACTED] .com

[2026-06-03 22:38:18] + [REDACTED] .com

[2026-06-03 21:55:54] + [REDACTED] .com

[2026-06-03 21:24:35] + [REDACTED] .com

[2026-06-03 20:44:10] + [REDACTED] .com

[2026-06-03 20:41:38] + [REDACTED] .dev

[2026-06-03 20:34:06] + [REDACTED] .exchange

[2026-06-03 20:34:06] + rewards-jup.pw .pw

[2026-06-03 20:34:05] + [REDACTED] .one

[2026-06-03 20:34:05] + [REDACTED] .com

20 latest entries · 119,230 total domains tail -f list.json

03 / Surface analytics

Where the infrastructure hides — and what it costs you.

7 of 1,189 registrars shown
ranked by abuse volume · last 30 days

Top abused registrars

last 30 days

[REDACTED] 100% of #1 abuser 20,116

[REDACTED] 70.4% of #1 abuser 14,170

[REDACTED] d/b/a IANA #303 26.1% of #1 abuser 5,247

[REDACTED] 20.5% of #1 abuser 4,124

[REDACTED] 20.2% of #1 abuser 4,068

[REDACTED] 19.8% of #1 abuser 3,983

[REDACTED] 17.8% of #1 abuser 3,588

Top abused TLDs · damage dealt

cost burned by scammers

.com $414,900

.dev $134,796

.app $94,665

.xyz $12,404

.io $192,760

.net $45,852

.org $40,788

Total damage / all-time $1,066,441

04 / The dossier · active threats

The dossier — raw, unfiltered, append-only.

20 shown · 119,230 total
newest first · scroll for more