DEV Community

Cover image for The Backbone of Global Scam: How NameSilo, Webnic, and NiceNic
PhishDestroy
PhishDestroy

Posted on

The Backbone of Global Scam: How NameSilo, Webnic, and NiceNic

Global scam thrives on registrar protection.

πŸ’₯ Every second you read this, someone is being scammed β€” with the help of ICANN-accredited registrars.
NameSilo, Webnic, and NiceNic don’t just sell domains β€” they sell time, safety, and legitimacy to global criminals.
We scanned just one Nigerian IP β€” almost every site was fraud, kept alive by these registrars despite abuse reports.
Now imagine that, multiplied by thousands of IPs, across every country.

🚨 Introduction

In 2025, our OSINT investigation revealed a hard truth:
Some ICANN-accredited registrars are not passive bystanders in cybercrime β€” they are key enablers.

NameSilo, Webnic, and NiceNic sell domains to scammers from any country, for any kind of fraud, and then systematically ignore abuse reports.
Phishing for crypto? Fake banking portals? Medical scams preying on cancer patients? All of it passes.

We’ve documented this in detail and made our findings public:

πŸ“‚ Global scam domain database (auto-updated):
https://github.com/phishdestroy/destroylist

🌍 Not Just One Country β€” A Global Problem

This issue has nothing to do with geography.
Whether a scammer operates from the US, Europe, Asia, or Africa, these registrars will take their money and look away.

Example case: We scanned just one IP hosted by Betahost247 **in Nigeria. Almost every single domain pointed to it was live scam content. The hosting provider left them running β€” and the domains were all registered via **NameSilo, Webnic, and NiceNic.

This isn’t the main infrastructure of global scams β€” it’s a snapshot showing how these registrars behave everywhere.

πŸ“‚ Nigeria case study β€” 1 IP scan results:
https://github.com/phishdestroy/Nigerian-dignity

πŸ” Interactive scam domain list from this IP:
https://phishdestroy.github.io/Nigerian-dignity/out/index.html

πŸ“‘ Full ASN search results for AS36352:
https://urlscan.io/asn/AS36352

🧩 How Their Business Model Works

A scammer’s needs are simple:

  1. Hosting that won’t take them down quickly
  2. A registrar that ignores complaints
  3. Enough time to finish the fraud cycle NameSilo, Webnic, and **NiceNic **deliver #2 flawlessly.

Our findings:

  • ❌ No effective abuse handling β€” domains stay live for weeks or months
  • ❌ Even government-level abuse notices are ignored without a court order
  • (Example: FTC complaint against NameSilo, Dec 2024)
  • ❌ Selective takedowns β€” one or two domains removed, rest untouched
  • ❌ No KYC β€” anyone can register domains instantly, for any purpose

πŸ“Š The Scale

  • 30,000+ abuse reports in 2025 involving these registrars
  • In some samples for Webnic and NiceNic, over 90% of active domains were tied to scams
  • The Nigeria IP scan is just one visible case β€” but the same pattern repeats across the globe

πŸ’€ The Real-World Damage

Every ignored abuse report means:

  • More people losing their savings
  • More victims targeted via paid ads
  • More stolen credentials and identities sold on criminal forums
  • In medical fraud cases β€” lives put in danger This is not passive negligence β€” this is a deliberate business choice to keep scammer accounts alive.

πŸ—£ Public Reviews Tell the Same Story

Even outside OSINT investigations, public review platforms confirm the pattern.

Trustpilot β€” Webnic.cc
Trustpilot β€” NiceNic
Sitejabber β€” NameSilo

Hundreds of users report identical experiences:

  • Abuse reports are ignored or met with template replies.
  • Registrars demand screenshots and details already included in the original report.
  • Cases are closed without action if the complainant does not reply again β€” even when the registrar already has all evidence.
  • Many negative reviews are deleted or buried, while genuine criticism is drowned in PR-generated positive posts.

This is not an accident β€” it’s a deliberate time-delay tactic.
Every day they delay, scammers continue to steal, run ad campaigns, and drain wallets before any takedown happens.

**

πŸ’‘ What Would Change if They Acted

**
If these registrars acted within hours:

  • Tens of thousands of victims could have been spared in 2025 alone
  • Large fraud networks would collapse under faster takedowns
  • Criminal ROI would plummet, making scam campaigns far less sustainable Instead, the delays give scammers exactly the operational window they need.

πŸ†š The Contrast

Responsible registrars:

  • Require full identity verification (KYC)
  • Act on abuse reports in minutes
  • Shut down all domains linked to a scammer
    NameSilo / Webnic / NiceNic:

  • Ignore or delay abuse handling for weeks

  • Keep known scammer accounts active indefinitely

  • Bypass their ICANN RAA 3.18 obligations to investigate and respond to abuse

πŸ” What Needs to Happen

  • ICANN Compliance must audit these registrars for repeated violations
  • Enforce full KYC for all registrations
  • Suspend entire scam portfolios upon confirmed abuse
  • Introduce an industry-wide ban list for repeat abusers **

πŸ“Œ Sources & Evidence

**

πŸ’¬ Conclusion

NameSilo, Webnic, and NiceNic are not neutral service providers. They are pillars of the scam economy, selling domains to criminals from any country and ignoring evidence of abuse β€” even when lives are at stake.

The Nigerian IP example shows exactly how this plays out in real life β€” but it’s just one of many.
Until ICANN and regulators treat registrar inaction as active facilitation of cybercrime, the global scam industry will keep running on the infrastructure they provide.

Top comments (0)