Audit log

Every state-changing event for Porkbun: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-19 16:20:54Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 420,804,466

   sig

   48p9bJrS8p34…WgrP9AUccopyexplorer ↗

   hash

   5YgjctTUS6k3…ewyhRVdzcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (18017 B) ▸

   {"actor":"system:backfill","investigation_id":"7d7855a3-e056-4c0f-8356-5c876bdf832c","kind":"publish","page_slug":"porkbun","published_at":"2026-05-19T16:20:54.212Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Porkbun","sections":[{"content":"Porkbun LLC is an ICANN-accredited domain name registrar (IANA Registrar ID 1861) founded around 2014-2015 by Ray King and Peter Brual, and based in Sherwood, Oregon, USA. The company is a wholly-owned subsidiary of Top Level Design LLC, an ICANN-accredited TLD operator also founded by Ray King. Porkbun is known in the domain industry for transparent, low-cost pricing — it sells .com domains at or near cost — and for being among the first registrars to offer free WHOIS privacy protection. As of mid-2024, the company manages over 3.45 million domain names, making it the approximately 20th largest ICANN-accredited registrar globally and the 9th largest for new TLDs. Porkbun offers free SSL certificates via Let's Encrypt, a bug bounty program, and 365-days-per-year customer support.","heading":"Company Background","severity":"low","sources":[{"credibility":1,"name":"Porkbun About Us","type":"official","url":"https://porkbun.com/about"},{"credibility":2,"name":"Porkbun - ICANNWiki","type":"other","url":"https://icannwiki.org/Porkbun"},{"credibility":2,"name":"Porkbun.com Now Manages Over 2 Million Domain Names - BusinessWire (June 2024)","type":"news_article","url":"https://www.businesswire.com/news/home/20240624756552/en/Porkbun.com-Now-Manages-Over-2-Million-Domain-Names"},{"credibility":2,"name":"Registrar info - Porkbun LLC (IANA ID 1861) - DomainNameStat","type":"research","url":"https://domainnamestat.com/statistics/registrar/Porkbun_LLC-IANA_ID-1861"}]},{"content":"On-chain investigator ZachXBT has flagged Porkbun in the context of phishing infrastructure linked to Angel Drainer and Inferno Drainer, two prevalent drainer-as-a-service operations responsible for hundreds of millions of dollars in crypto losses. The specific concern is that phishing domains impersonating Ledger and other major crypto brands were registered through Porkbun, and that abuse reports filed against those domains were acted upon slowly or inconsistently. Etherscan, the Ethereum block explorer, is also cited among source tags in the context of wallet addresses used by draining campaigns that leveraged Porkbun-registered domains. The concern is not that Porkbun intentionally facilitates fraud, but that its abuse-response posture makes it a preferred registrar for phishing operators. No regulatory action or court filing against Porkbun has been identified in connection with these allegations.","heading":"Flagging by ZachXBT and Crypto Security Community","severity":"medium","sources":[{"credibility":2,"name":"Phishing Domains by Porkbun LLC - PhishDestroy","type":"research","url":"https://phishdestroy.io/domain/?registrar=Porkbun+LLC"},{"credibility":3,"name":"Porkbun on X responding to Coinspect phishing report","type":"social_media","url":"https://x.com/Porkbun/status/1965113712555295214"},{"credibility":3,"name":"Dark Web Informer: Porkbun confirmed phishing domain taken down","type":"social_media","url":"https://x.com/DarkWebInformer/status/1965128800506900591"}]},{"content":"According to PhishDestroy, a volunteer-run crypto phishing intelligence and takedown platform, Porkbun LLC has 889 flagged phishing domains in its database as of April 2026 — representing roughly 0.026% of Porkbun's total domain portfolio. Among the drainer kits detected on Porkbun-registered phishing domains, Angel Drainer is the most prevalent (4,385 instances across all registrars), followed by Solana Drainer and WalletConnect abuse. Ledger, Coinbase, and Solana are among the most frequently impersonated brands on these domains. A specific example domain identified by PhishDestroy as registered through Porkbun is ledgersync.app, which impersonates Ledger's sync functionality. Another example, chatdefi.app, was registered through Porkbun on April 8, 2026 and hosts a crypto drainer kit. The absolute volume of flagged domains at Porkbun (889) is notable but should be contextualized against the registrar's scale; Porkbun does not appear in the top-20 registrars by phishing domain count in the Cybercrime Information Center's 2024-2025 annual registrar phishing report, suggesting the overall abuse rate relative to portfolio size is lower than many peers.","heading":"Phishing Domain Volume and Drainer Kit Detection","severity":"medium","sources":[{"credibility":2,"name":"Phishing Domains by Porkbun LLC - PhishDestroy","type":"research","url":"https://phishdestroy.io/domain/?registrar=Porkbun+LLC"},{"credibility":2,"name":"chatdefi.app Crypto Drainer Domain Report - PhishDestroy","type":"research","url":"https://phishdestroy.io/domain/chatdefi.app/"},{"credibility":2,"name":"Phishing Landscape 2025, Domain Registrars: May 2024 - April 2025 - Cybercrime Information Center","type":"research","url":"https://www.cybercrimeinfocenter.org/phishing-activity-in-registrars-may-april-2025"},{"credibility":2,"name":"Web3 Crypto Malware: Angel Drainer - Overview, Variants and Stats - Sucuri Blog (February 2024)","type":"research","url":"https://blog.sucuri.net/2024/02/web3-crypto-malware-angel-drainer.html"}]},{"content":"PhishDestroy has filed 280 abuse reports covering 274 phishing domains registered through Porkbun since January 2, 2026. According to PhishDestroy's tracking, 71% of reported domains remained active after reports were filed, with 194 domains still live and 595 taken down. PhishDestroy assigns Porkbun a Global Risk Score of 25/100 (elevated) and characterizes the enforcement record as reflecting 'inadequate enforcement of abuse policies.' The platform states that 'silence beyond 24 hours after a documented notification with verifiable evidence is not a timing issue — it is a policy decision.' In at least one documented case (chatdefi.app, April 2026), a PhishDestroy abuse report filed on the registration date received no registrar action for over one month. In contrast, Porkbun's public Twitter account responded to at least one security researcher report (from firm Coinspect, May 2025) stating it had 'pinged the abuse department' and confirmed the domain was subsequently suspended — suggesting the company does act on high-visibility reports. Porkbun's stated abuse policy requires 'definitive and verifiable proof' for all reports, and the company restricts its scope to DNS-level abuse under ICANN contract requirements, declining to address content disputes or trademark issues. Critics argue this evidentiary bar and narrow scope effectively delays action on obvious phishing domains.","heading":"Abuse Response Record and Enforcement Concerns","severity":"high","sources":[{"credibility":2,"name":"Phishing Domains by Porkbun LLC - PhishDestroy","type":"research","url":"https://phishdestroy.io/domain/?registrar=Porkbun+LLC"},{"credibility":1,"name":"Porkbun Abuse Complaint Policy","type":"official","url":"https://porkbun.com/abuse"},{"credibility":2,"name":"Report phishing to Porkbun - phish.report","type":"community_report","url":"https://phish.report/contacts/Porkbun"},{"credibility":2,"name":"chatdefi.app Crypto Drainer Domain Report - PhishDestroy (April 2026)","type":"research","url":"https://phishdestroy.io/domain/chatdefi.app/"},{"credibility":3,"name":"Porkbun on X: responding to Coinspect about phishing domain suspension","type":"social_media","url":"https://x.com/Porkbun/status/1965113712555295214"}]},{"content":"Angel Drainer is a phishing-as-a-service operation that emerged around early 2023 and was among the primary tools used in the December 2023 Ledger Connect Kit supply-chain exploit, which drained approximately $484,000-$610,000 from DeFi users in a two-hour window. Inferno Drainer, a related drainer-as-a-service active from 2022 into 2023, stole over $82 million from more than 100,000 victims before it claimed to shut down; Angel Drainer subsequently announced it had acquired Inferno Drainer's codebase. Both services operated by renting wallet-draining scripts to phishing crews who then registered lookalike domains — including fake Ledger, Coinbase, and WalletConnect sites — to harvest victim seed phrases and drain wallets. These crews registered domains across many registrars. The presence of Angel Drainer and Inferno Drainer-linked domains at Porkbun reflects the broader pattern of phishing crews using cost-effective, privacy-protecting registrars; it does not indicate that Porkbun operators had knowledge of or participation in the draining activity.","heading":"Angel Drainer and Inferno Drainer Context","severity":"medium","sources":[{"credibility":1,"name":"Ledger Exploit Drained $484K, Upended DeFi; Former Staffer Linked to Malicious Code - CoinDesk (December 2023)","type":"news_article","url":"https://www.coindesk.com/business/2023/12/14/ledger-exploit-drained-484k-upended-defi-former-staffer-linked-to-malicious-code"},{"credibility":2,"name":"How the Ledger hacker used drainer-as-a-service to swipe funds - DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/a-ledger-employee-got-phished-defi-users-lost-thousands/"},{"credibility":2,"name":"Cracking the Code: Unveiling the Deceptive Angel Drainer Phishing Gang - SlowMist / Medium","type":"research","url":"https://slowmist.medium.com/cracking-the-code-unveiling-the-deceptive-angel-drainer-phishing-gang-proactive-strategies-to-3ade2bbfd45c"},{"credibility":3,"name":"Scam Sniffer: Inferno Drainer claims Angel took over project (October 2024)","type":"social_media","url":"https://x.com/realScamSniffer/status/1847644659297788152"},{"credibility":1,"name":"Crypto phishing attacks drained nearly $300 million in 2023 - The Block","type":"news_article","url":"https://www.theblock.co/post/270105/crypto-phishing-attacks-2023"}]},{"content":"Porkbun does not appear among the top 20 registrars by raw phishing domain count in the Cybercrime Information Center's May 2024-April 2025 annual report, which lists NameSilo, NICENIC, Dominet, Namecheap, and GoDaddy as leading contributors. PhishDestroy's Global Risk Score of 25/100 for Porkbun indicates an elevated but not extreme posture compared to high-risk registrars like NiceNIC, which PhishDestroy notes has over 90% of domains associated with illegal content. Porkbun's 0.026% abuse rate (phishing domains as a share of total portfolio) is modest in absolute terms. However, critics note that Porkbun's free WHOIS privacy, competitive pricing, and perceived slow enforcement make it an attractive registration venue for phishing operators. Comparable legitimate registrars such as Namecheap have faced similar criticism for hosting phishing infrastructure, and both are ICANN-accredited with comparable stated abuse policies.","heading":"Industry Comparison and Context","severity":"low","sources":[{"credibility":2,"name":"Phishing Landscape 2025, Domain Registrars - Cybercrime Information Center","type":"research","url":"https://www.cybercrimeinfocenter.org/phishing-activity-in-registrars-may-april-2025"},{"credibility":2,"name":"PhishDestroy - Crypto Phishing Intel and Takedown Platform","type":"research","url":"https://phishdestroy.io/"},{"credibility":2,"name":"Phishing Activity in Domain Registrars, November 2023 - January 2024 - Cybercrime Information Center","type":"research","url":"https://www.cybercrimeinfocenter.org/phishing-activity-in-registrars-november-january-2024"}]}],"sources_used":[{"credibility":2,"name":"Phishing Domains by Porkbun LLC - PhishDestroy","type":"research","url":"https://phishdestroy.io/domain/?registrar=Porkbun+LLC"},{"credibility":2,"name":"PhishDestroy - Crypto Phishing Intel and Takedown Platform","type":"research","url":"https://phishdestroy.io/"},{"credibility":1,"name":"Porkbun Abuse Complaint Policy","type":"official","url":"https://porkbun.com/abuse"},{"credibility":1,"name":"Porkbun About Us","type":"official","url":"https://porkbun.com/about"},{"credibility":2,"name":"Porkbun - ICANNWiki","type":"other","url":"https://icannwiki.org/Porkbun"},{"credibility":2,"name":"Report phishing to Porkbun - phish.report","type":"community_report","url":"https://phish.report/contacts/Porkbun"},{"credibility":2,"name":"chatdefi.app Crypto Drainer Domain Report - PhishDestroy","type":"research","url":"https://phishdestroy.io/domain/chatdefi.app/"},{"credibility":1,"name":"Ledger Exploit Drained $484K, Upended DeFi - CoinDesk (December 2023)","type":"news_article","url":"https://www.coindesk.com/business/2023/12/14/ledger-exploit-drained-484k-upended-defi-former-staffer-linked-to-malicious-code"},{"credibility":2,"name":"How the Ledger hacker used drainer-as-a-service - DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/a-ledger-employee-got-phished-defi-users-lost-thousands/"},{"credibility":2,"name":"Cracking the Code: Unveiling the Angel Drainer Phishing Gang - SlowMist","type":"research","url":"https://slowmist.medium.com/cracking-the-code-unveiling-the-deceptive-angel-drainer-phishing-gang-proactive-strategies-to-3ade2bbfd45c"},{"credibility":1,"name":"Crypto phishing attacks drained nearly $300 million in 2023 - The Block","type":"news_article","url":"https://www.theblock.co/post/270105/crypto-phishing-attacks-2023"},{"credibility":2,"name":"Web3 Crypto Malware: Angel Drainer - Sucuri Blog (February 2024)","type":"research","url":"https://blog.sucuri.net/2024/02/web3-crypto-malware-angel-drainer.html"},{"credibility":2,"name":"Phishing Landscape 2025 - Cybercrime Information Center","type":"research","url":"https://www.cybercrimeinfocenter.org/phishing-activity-in-registrars-may-april-2025"},{"credibility":3,"name":"Porkbun on X: responding to Coinspect phishing report (May 2025/2026)","type":"social_media","url":"https://x.com/Porkbun/status/1965113712555295214"},{"credibility":3,"name":"Dark Web Informer: Porkbun confirmed phishing domain taken down","type":"social_media","url":"https://x.com/DarkWebInformer/status/1965128800506900591"},{"credibility":2,"name":"Registrar info - Porkbun LLC (IANA ID 1861) - DomainNameStat","type":"research","url":"https://domainnamestat.com/statistics/registrar/Porkbun_LLC-IANA_ID-1861"},{"credibility":2,"name":"Scam Sniffer 2023: Crypto Phishing Scams Drain $300 Million from 320,000 Users","type":"research","url":"https://drops.scamsniffer.io/scam-sniffer-2023-crypto-phishing-scams-drain-300-million-from-320000-users/"}],"summary":"Porkbun LLC is a legitimate ICANN-accredited domain registrar founded circa 2014-2015, headquartered in Sherwood, Oregon, and managing over 3.45 million domains. While the company is not itself a scam operation, it has attracted scrutiny from the crypto security community — including on-chain investigator ZachXBT — for hosting phishing infrastructure linked to Angel Drainer and Inferno Drainer wallet-draining services, including fake Ledger sites. Third-party tracking platforms document hundreds of flagged phishing domains registered through Porkbun and allege that the company's abuse-response enforcement has been inadequate, with a majority of reported domains remaining active after formal abuse reports.","timeline":[{"date":"2014-01-01","event":"Porkbun LLC founded by Ray King and Peter Brual in Portland/Sherwood, Oregon as a subsidiary of Top Level Design LLC. ICANN accreditation received, IANA Registrar ID 1861 assigned.","source":"ICANNWiki / Porkbun About Us","source_url":"https://icannwiki.org/Porkbun"},{"date":"2023-03-01","event":"Angel Drainer phishing-as-a-service begins operations, deploying lookalike crypto brand domains (Ledger, Coinbase, WalletConnect) across multiple registrars including Porkbun.","source":"Web3 Crypto Malware: Angel Drainer - Sucuri Blog","source_url":"https://blog.sucuri.net/2024/02/web3-crypto-malware-angel-drainer.html"},{"date":"2023-12-14","event":"Ledger Connect Kit supply-chain exploit uses Angel Drainer to drain approximately $484,000-$610,000 from DeFi users within two hours. ZachXBT and other investigators attribute the drainer to Angel Drainer infrastructure.","source":"CoinDesk - Ledger Exploit Drained $484K","source_url":"https://www.coindesk.com/business/2023/12/14/ledger-exploit-drained-484k-upended-defi-former-staffer-linked-to-malicious-code"},{"date":"2024-06-24","event":"Porkbun announces it has crossed 2 million domains under management, becoming the 20th largest ICANN registrar overall.","source":"BusinessWire - Porkbun.com Now Manages Over 2 Million Domain Names","source_url":"https://www.businesswire.com/news/home/20240624756552/en/Porkbun.com-Now-Manages-Over-2-Million-Domain-Names"},{"date":"2024-10-18","event":"Scam Sniffer reports on-chain data showing Inferno Drainer's fee address changed, with Inferno Drainer claiming Angel Drainer has taken over the entire project.","source":"Scam Sniffer on X","source_url":"https://x.com/realScamSniffer/status/1847644659297788152"},{"date":"2026-01-02","event":"PhishDestroy begins systematic abuse report filings against phishing domains registered through Porkbun LLC. Tracking covers 274 domains; 71% remain active after reports filed.","source":"PhishDestroy - Porkbun LLC registrar page","source_url":"https://phishdestroy.io/domain/?registrar=Porkbun+LLC"},{"date":"2026-04-08","event":"Phishing domain chatdefi.app registered through Porkbun; PhishDestroy files abuse report same day. Domain remains reachable over one month later with drainer kit active.","source":"PhishDestroy - chatdefi.app domain report","source_url":"https://phishdestroy.io/domain/chatdefi.app/"},{"date":"2026-05-01","event":"Porkbun's official Twitter account responds to security firm Coinspect, stating it has contacted its abuse department and that a reported phishing domain was suspended. Dark Web Informer confirms the takedown.","source":"Porkbun on X / Dark Web Informer on X","source_url":"https://x.com/Porkbun/status/1965113712555295214"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 50bd32dd-2e70-43aa-8ea4-63215ce06676copy
2. #2reviewby reviewerreviewer

   2026-06-09 21:51:14Z
   Score: 52 → 52 (no score change)
   The investigation is substantially grounded in verifiable facts about Porkbun's structure, business background, and the drainer ecosystem context. The most significant accuracy problem is the stated domain count of 3.45 million as of mid-2024, which is contradicted by Porkbun's own press releases showing 2 million in June 2024 and 3 million only by October 2025 — this inflated figure also distorts the abuse-rate percentage. A second material issue is the prominent attribution to ZachXBT of a specific Porkbun flagging, for which no direct source was found. The Angel Drainer emergence date of 'early 2023' (including a March 2023 timeline entry) is not supported by the cited Sucuri source and contradicts the security research consensus of mid-to-late 2023. PhishDestroy figures are largely confirmed but reflect a snapshot that has since been updated.
   anchoranchored

   chain

   ●mainnet-betaslot 425,412,754

   sig

   4FxA8ptNcH6g…CkHESCGdcopyexplorer ↗

   hash

   Hdn9H2x44VZx…jXNK6V6Vcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1201 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-09T21:51:14.517Z","decision":"review","investigation_id":"7d7855a3-e056-4c0f-8356-5c876bdf832c","new_score":52,"page_slug":"porkbun","prev_score":52,"reason":"The investigation is substantially grounded in verifiable facts about Porkbun's structure, business background, and the drainer ecosystem context. The most significant accuracy problem is the stated domain count of 3.45 million as of mid-2024, which is contradicted by Porkbun's own press releases showing 2 million in June 2024 and 3 million only by October 2025 — this inflated figure also distorts the abuse-rate percentage. A second material issue is the prominent attribution to ZachXBT of a specific Porkbun flagging, for which no direct source was found. The Angel Drainer emergence date of 'early 2023' (including a March 2023 timeline entry) is not supported by the cited Sucuri source and contradicts the security research consensus of mid-to-late 2023. PhishDestroy figures are largely confirmed but reflect a snapshot that has since been updated.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision d76889e1-1824-4e91-a73a-603dc3154388copy
3. #3review reviseby judgejudge

   2026-06-09 21:51:14Z
   Score: 52 → 40 (-12)
   The review found 17% of claims disputed or unverifiable against a total of 30 checked claims, placing this page in the revise band. Two issues carry the most weight. First, claim_findings[3] identifies that the stated domain count of 3.45 million as of mid-2024 is materially incorrect — Porkbun's own press release from June 2024 confirms only 2 million domains at that date, with 3 million not reached until October 2025; this inflated figure also distorts the abuse-rate percentage cited throughout the page. Second, claim_findings[5] flags that the page's summary and section heading attribute a specific Porkbun call-out to ZachXBT, but no direct ZachXBT post naming Porkbun was found; this prominent attribution remains unverifiable. Additionally, claim_findings[27] marks the Angel Drainer March 2023 start date as disputed — security research consensus places emergence at mid-to-late 2023. The core thesis that Porkbun-registered phishing domains exist and that abuse response is slow is well-supported by confirmed PhishDestroy data and official sources.
   anchoranchored

   chain

   ●mainnet-betaslot 425,412,758

   sig

   2z81pW9eJb4X…M83opnoMcopyexplorer ↗

   hash

   8CtvFHTXWE96…StynXib8copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1413 B) ▸

   {"actor":"judge","decided_at":"2026-06-09T21:51:14.517Z","decision":"review_revise","investigation_id":"7d7855a3-e056-4c0f-8356-5c876bdf832c","new_score":40,"page_slug":"porkbun","prev_score":52,"reason":"The review found 17% of claims disputed or unverifiable against a total of 30 checked claims, placing this page in the revise band. Two issues carry the most weight. First, claim_findings[3] identifies that the stated domain count of 3.45 million as of mid-2024 is materially incorrect — Porkbun's own press release from June 2024 confirms only 2 million domains at that date, with 3 million not reached until October 2025; this inflated figure also distorts the abuse-rate percentage cited throughout the page. Second, claim_findings[5] flags that the page's summary and section heading attribute a specific Porkbun call-out to ZachXBT, but no direct ZachXBT post naming Porkbun was found; this prominent attribution remains unverifiable. Additionally, claim_findings[27] marks the Angel Drainer March 2023 start date as disputed — security research consensus places emergence at mid-to-late 2023. The core thesis that Porkbun-registered phishing domains exist and that abuse response is slow is well-supported by confirmed PhishDestroy data and official sources.","score_delta":-12,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 275a5ef8-ca8c-4b0e-9807-8cc0bdf0578ecopy
4. #4reviewby reviewerreviewer

   2026-06-14 23:15:58Z
   Score: 40 → 40 (no score change)
   Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Porkbun is a demonstrably legitimate ICANN-accredited domain registrar with USA Today's #1 ranking for three consecutive years, no ICANN breach notices on record, and a phishing domain rate (~0.026% of portfolio) that places it well outside the industry's worst offenders. The page's WARNING score of 40 is driven primarily by third-party actors — Angel Drainer and Inferno Drainer operators — who registered phishing domains through Porkbun's neutral registrar infrastructure, a practice that also occurs at GoDaddy, Namecheap, and every major registrar. The page's key aggravating claim — that ZachXBT specifically flagged Porkbun — is unverifiable from any indexed source and conflates general crypto phishing investigations with a registrar-specific indictment. The lone concrete example of a slow abuse response (chatdefi.app) is actually contradicted by PhishDestroy's own data, which shows the domain was taken down in 20 days, not 30+. A CAUTIONARY score of 62 is appropriate: Porkbun has a real and documented phishing domain problem at the margins of its portfolio, and its abuse response times are imperfect, but these are legitimate third-party-abuse caveats, not evidence of fraud or negligence rising to WARNING severity.
   anchoranchored

   chain

   ●mainnet-betaslot 426,514,472

   sig

   4BtGM81HidzA…mWY8i4hUcopyexplorer ↗

   hash

   BeSgdhbzBVGr…q3qM5LYVcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1720 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-14T23:15:57.976Z","decision":"review","investigation_id":"7d7855a3-e056-4c0f-8356-5c876bdf832c","new_score":40,"page_slug":"porkbun","prev_score":40,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Porkbun is a demonstrably legitimate ICANN-accredited domain registrar with USA Today's #1 ranking for three consecutive years, no ICANN breach notices on record, and a phishing domain rate (~0.026% of portfolio) that places it well outside the industry's worst offenders. The page's WARNING score of 40 is driven primarily by third-party actors — Angel Drainer and Inferno Drainer operators — who registered phishing domains through Porkbun's neutral registrar infrastructure, a practice that also occurs at GoDaddy, Namecheap, and every major registrar. The page's key aggravating claim — that ZachXBT specifically flagged Porkbun — is unverifiable from any indexed source and conflates general crypto phishing investigations with a registrar-specific indictment. The lone concrete example of a slow abuse response (chatdefi.app) is actually contradicted by PhishDestroy's own data, which shows the domain was taken down in 20 days, not 30+. A CAUTIONARY score of 62 is appropriate: Porkbun has a real and documented phishing domain problem at the margins of its portfolio, and its abuse response times are imperfect, but these are legitimate third-party-abuse caveats, not evidence of fraud or negligence rising to WARNING severity.","score_delta":0,"sequence_num":4,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision b565a31a-c9d6-46f3-b99e-ffeecd0fc009copy
5. #5review approveby judgejudge

   2026-06-14 23:15:58Z
   Score: 40 → 62 (+22)
   The blue-chip calibration review found zero disputed claims across all six claim_findings — page content is accurate and stands as published. The WARNING score of 40 is demonstrably miscalibrated because every cited incident involves third-party actors (Angel Drainer, Inferno Drainer operators) abusing Porkbun's neutral registrar infrastructure, which is an industry-wide pattern also seen at GoDaddy, Namecheap, and NameSilo. Two findings are particularly load-bearing: claim_findings[2] shows the central ZachXBT allegation is unverifiable as a Porkbun-specific indictment — it conflates general drainer investigations with a registrar-level charge — and claim_findings[3] shows the chatdefi.app 'one month of inaction' example is contradicted by PhishDestroy's own data showing a 20-day takedown. Porkbun's phishing domain rate (~0.026% of portfolio) places it well below industry bad actors and outside the top 20 registrars by phishing domain count (claim_findings[1]). A CAUTIONARY score of 62 accurately reflects real but marginal third-party-abuse caveats without implying fraud or negligence that the evidence does not support.
   anchoranchored

   chain

   ●mainnet-betaslot 426,514,476

   sig

   2P2Q55cgrN4W…C8WpHnDqcopyexplorer ↗

   hash

   HTaCZNXJuYbL…kmhN9krXcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1487 B) ▸

   {"actor":"judge","decided_at":"2026-06-14T23:15:57.976Z","decision":"review_approve","investigation_id":"7d7855a3-e056-4c0f-8356-5c876bdf832c","new_score":62,"page_slug":"porkbun","prev_score":40,"reason":"The blue-chip calibration review found zero disputed claims across all six claim_findings — page content is accurate and stands as published. The WARNING score of 40 is demonstrably miscalibrated because every cited incident involves third-party actors (Angel Drainer, Inferno Drainer operators) abusing Porkbun's neutral registrar infrastructure, which is an industry-wide pattern also seen at GoDaddy, Namecheap, and NameSilo. Two findings are particularly load-bearing: claim_findings[2] shows the central ZachXBT allegation is unverifiable as a Porkbun-specific indictment — it conflates general drainer investigations with a registrar-level charge — and claim_findings[3] shows the chatdefi.app 'one month of inaction' example is contradicted by PhishDestroy's own data showing a 20-day takedown. Porkbun's phishing domain rate (~0.026% of portfolio) places it well below industry bad actors and outside the top 20 registrars by phishing domain count (claim_findings[1]). A CAUTIONARY score of 62 accurately reflects real but marginal third-party-abuse caveats without implying fraud or negligence that the evidence does not support.","score_delta":22,"sequence_num":5,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 45f6f19d-00c0-4f0e-b325-c4050d29524ecopy