# xmrwallet.com — Primary Domain

- **Status:** Active
- **Registrar:** NameSilo
- **Registered:** 2016
- **Expires:** 2031
- **Hosting:** IQWEB FZ-LLC (bullet-proof, $550+/month) via DDoS-Guard CDN AS59692
- **IP:** 186.2.165.49

## Registrar Cover-Up

NameSilo received the same evidence that led 3 other registrars to suspend. NameSilo:

- Called the operator "the victim"
- Claimed the site was "compromised" (hacked) — contradicted by operator's own emails
- Helped the operator remove VirusTotal security warnings
- The operator told us "subpoena the registrar" BEFORE we filed any abuse report — he knew NameSilo would protect him

File ICANN complaint: https://www.icann.org/compliance/complaint

## Evidence

- `session_key` view key exfiltration confirmed
- `raw_tx_and_hash.raw = 0` (TX hijacking)
- 4 Google trackers (GTM, GA, GA4, DoubleClick)
- `/support_login.html` backdoor
- URLQuery: https://urlquery.net/report/a56ea134-19f0-467f-88c3-3444f5c49c06
- VirusTotal: https://www.virustotal.com/gui/domain/www.xmrwallet.com
- GitHub: Issues #35 & #36 — deleted by operator, archived

## Articles

- Medium: https://phishdestroy.medium.com/xmrwallet-com-2953f35b8a79
- dev.to: https://dev.to/phishdestroy/xmrwallet-com-scam
- GitHub Pages: https://phishdestroy.github.io/DO-NOT-USE-xmrwallet-com/