# NameSilo's Second Public Response — May 11, 2026

## The tweet

**From:** @NameSilo (Verified Organization account)
**Date:** May 11, 2026, 16:26 UTC
**URL:** https://x.com/namesilo/status/2053874303037219046
**In reply to:** @bhabhiezayn/status/2053743570058686645
**Views:** 315 | **Replies:** 106 | **Likes:** 7 | **Retweets:** 0

> "Your claims are false, libelous and defamatory. NameSilo takes action and reviews all abuse reports submitted to us. If you have any such cases, please submit them to abuse@namesilo.com. Otherwise, please contact the website host or registrant directly. And halt your falsehoods towards us or we will be forced to undergo legal action."

**Archived:** This tweet is preserved in this file, in git history, and on IPFS. If deleted, the SHA-256 of this document serves as proof of content at commit time.

---

## Side-by-side: NameSilo vs. the operator

The language pattern between NameSilo's official account and the xmrwallet operator is identical. Same playbook, same phrases, same strategy: threaten legal action, claim everything is false, provide zero factual rebuttal.

| Element | Operator (Feb 2026) | NameSilo (Mar 13, 2026) | NameSilo (May 11, 2026) |
|---------|---------------------|-------------------------|-------------------------|
| **Opening** | "You are incorrect with your report" | "Our abuse team conducted an in-depth review" | "Your claims are false, libelous and defamatory" |
| **Strategy** | Deny everything, provide no technical rebuttal | Fabricate "compromise" story contradicted by operator's own emails | Deny everything, threaten lawsuit |
| **Threat** | "Feel free to subpoena the domain registrar" | — | "we will be forced to undergo legal action" |
| **Redirect** | "Please remove your report" | "working with registrant to remove VT reports" | "submit them to abuse@namesilo.com" |
| **Facts addressed** | Zero | Zero | Zero |
| **Specific claims rebutted** | None | None | None |
| **Evidence provided** | None | None | None |

### What they did NOT address (in any of their three statements):

1. Why `raw_tx_and_hash.raw = 0` discards client transactions
2. Why `session_key` transmits private view keys 40+ times per session
3. Why 3 other registrars (Tucows, NICENIC, Gandi) suspended the same domain on sight
4. Why 81.5% of their 5.18M domains are dead/parked
5. Why their P/E ratio is 143.8x (industry average: 21x)
6. Why the operator said "subpoena the registrar" before NameSilo's public defense
7. Why they offered to scrub VirusTotal detections for a flagged phishing domain
8. Why the FTC sent them a warning letter in December 2024
9. Why 100+ victim reviews disappeared from Trustpilot
10. Why the @Phish_Destroy Gold Checkmark account was locked after tagging them

**Three public statements. Zero factual rebuttals. Three threats.**

---

## The matthagan22 incident — May 12, 2026

**@matthagan22** (Matt Hagan — "high-energy father and husband, passion for retail real estate, smallcap investing, college football") entered the thread to defend NameSilo.

His move: posted a screenshot highlighting that the critic's analytics showed traffic from Kenya — an ad hominem attack on the researcher's location instead of addressing any facts.

**Then he deleted both his tweets.**

The deletion confirms he realized:
- Attacking a researcher's country instead of their evidence is transparently weak
- His involvement reveals personal connection to NameSilo beyond casual shareholding
- Normal retail investors do not monitor phishing-abuse threads and attempt to doxx critics

Screenshot of his deleted tweet preserved: `evidence/kenya-attack-tweet.png`

**@bhabhiezayn's response (preserved):**
> "Wow, so are you Paul or one of his fans? Like, phishdestroy.eth.limo/namesilo-win98.html — I tried to make it easy for you — but why post nonsense from a secondary account? If I'm lying — why would I? But that's not the point. Just refute it with facts like I did. Read it, figure it out, and delete it — it's all signed. Meanwhile, I'm going to go thank Leonid."

---

## Pattern summary

| Date | Actor | Action | Result |
|------|-------|--------|--------|
| Feb 16, 2026 | Operator (N.R.) | "You are incorrect, remove your report" | Zero technical rebuttal |
| Mar 13, 2026 | @NameSilo | "The domain was compromised" (fabricated) | Every claim contradicted by operator's own emails |
| Mar 2026 | NameSilo/operator | @Phish_Destroy Gold account locked | X Support: "no violation found" — account still locked |
| Apr 2026 | NameSilo/operator | Bing delisting requests, DDoS, DMCA | Site moved to IPFS + ENS — uncensorable |
| May 11, 2026 | @NameSilo | "false, libelous, defamatory" + legal threat | Zero factual rebuttal (again) |
| May 12, 2026 | @matthagan22 | Ad hominem (Kenya geolocation attack) | Deleted own tweets within hours |

**The pattern is always the same: threaten, suppress, never address the evidence.**

---

## A note to NameSilo on legal threats

You wrote: *"we will be forced to undergo legal action."*

Against whom, exactly?

PhishDestroy is not a company. Not a legal entity. Not a person. Not a party to any dispute. It is a volunteer anti-scam research initiative. You cannot sue "anti-fraud" any more than you can sue "the weather." This was stated explicitly in the disclaimer on the front page of this archive — the same archive you apparently read before threatening it.

You already locked the primary research account (@Phish_Destroy) via X Gold Checkmark abuse. So a community member posted the findings from a different account. Your response: your associates attempted to doxx the account's geolocation (Kenya, apparently) instead of addressing a single factual claim. Then deleted the evidence of their own doxxing attempt. We kept it.

**We did not ask the community for help.** We did not organize a campaign. We did not recruit anyone. But when you threaten researchers publicly, the community sees it on its own. Several independent researchers have already offered to file complaints. That is not our doing — that is the natural consequence of threatening people who document fraud.

**So go ahead. File your lawsuit.**

Here is what will happen:
1. You will need to identify a defendant. There isn't one. PhishDestroy has no registered entity, no address, no officer, no bank account.
2. Discovery will require you to open your books — abuse report logs, operator communications, financial records. That is exactly what we have been asking for.
3. Every claim in this archive will be entered into court record, under oath, with SHA-256 verification. The 5.18M domain CSV. The operator's emails. Your fabricated "compromise" story. The FTC warning letter. All of it — in a public proceeding.
4. The Streisand Effect will do the rest.

You do not want discovery. You do not want a courtroom. You want silence. That option expired when you publicly defended a ten-year crypto drainer and offered to scrub his VirusTotal record.

**We would genuinely welcome a lawsuit.** It is the fastest path to the truth entering official record.

---

## Where this archive lives

This content is distributed across multiple IPFS pinning services and gateways. There is no single server to take down, no single host to pressure, and no "report" button to abuse.

**ENS Subdomains — each points to a different source:**

| Domain | Protocol | Content |
|--------|----------|---------|
| `phishdestroy.eth.limo` | IPFS via ENS | Live investigation site |
| `archive.phishdestroy.eth.limo` | Arweave via ENS | Permanent site backup (blockchain) |
| `download.phishdestroy.eth.limo` | Arweave via ENS | Downloadable ZIP archive (blockchain) |

**Arweave (permanent, in blockchain forever):**
- Site: `https://arweave.net/LUuditolJS-Y15IezfpzRI36sxhd1CIvFNOf_eAG2AU`
- ZIP: `https://arweave.net/POyM8T47PSmjikYbQ63muVD4iFf2tnbASDNK1XJIg1I`
- TX confirmed, paid from AR wallet `nlURkpaq5oouoUYLtgH8pLep6oyeVmWCkvNon0uFE28`

**IPFS (content-addressed, anyone can re-pin):**
- CID: `bafybeibihjlg4wdmiur2k57c6be4fkttju5kekqsyuq7kl4a3uoeg65xlq`
- 4everland: https://ipfs-archive-nsdim0vd-phishdestroy.ipfs.4everland.app/
- gw3.io: https://gw3.io/ipfs/bafybeibihjlg4wdmiur2k57c6be4fkttju5kekqsyuq7kl4a3uoeg65xlq/
- dweb.link: https://dweb.link/ipfs/bafybeibihjlg4wdmiur2k57c6be4fkttju5kekqsyuq7kl4a3uoeg65xlq/
- Any IPFS gateway works: `ipfs://<CID>`
- Re-pin command: `ipfs pin add bafybeibihjlg4wdmiur2k57c6be4fkttju5kekqsyuq7kl4a3uoeg65xlq`

**Source control:**
- Multiple private git repositories mirrored across different providers and jurisdictions

**Web archives:**
- Wayback: https://web.archive.org/web/20260512154704/https://www.forbes.com/advisor/business/software/namesilo-review/
- GhostArchive: https://ghostarchive.org/archive/CXXZ0 (NameSilo's March 13 tweet)

**Total: 10+ independent mirrors across 3 protocols (IPFS, Arweave, Web Archive), 5+ jurisdictions, and 2 blockchains (Ethereum ENS, Arweave).**

Anyone can re-pin the IPFS CID. Anyone can download the Arweave ZIP and re-upload. Anyone can submit URLs to Wayback Machine. The content is CC BY 4.0 licensed with an explicit evidentiary-use grant. There is nothing to take down because there is no center.

---

## A note to IPFS pinning providers and gateway operators

If you receive a legal threat or pre-litigation letter from NameSilo, LLC (IANA #1479) or their counsel regarding this content:

1. **Verify it is an actual court order**, not a pre-litigation demand letter from their attorneys. A lawyer letter is not a court order. You are under no obligation to act on threats.
2. **This archive contains no personal data** of private individuals, no stolen credentials, no malware, and no illegal content. It is security research consisting of publicly available records, SHA-256 verified screenshots, and analysis of public financial filings.
3. **If you receive an actual court order** (not a demand letter — an order signed by a judge), feel free to unpin our CID. We will generate a new one within hours. You should not risk your operations for us, and we do not ask you to.
4. **If you receive only a demand letter**, know that PhishDestroy has dealt with false DMCA takedowns before. We contested. We won. Repos were restored. The pattern is always the same: threaten, file, lose, repeat.

This content exists because NameSilo's response to documented fraud is suppression, not transparency. Every takedown attempt is documented and becomes additional evidence of the suppression pattern.

---

*Filed: May 12, 2026*
*Previous response documented: evidence/03-namesilo-statement-mar13.png (SHA-256: ad29e1d3d4803ff37c88ef860bef6de9e62f6ce533657f2e5c5460eb2e0b8ebf)*