Aallannott.techAccount justice for the people big tech ignores
Accountability map

Every scam touches five layers. None of them want to be named.

Going after the scammer is whack-a-mole. Going after the layers that let the scammer exist is leverage. A registrar can pull a domain in an hour. A host can null-route an IP. A processor can freeze a destination account. They almost never do — because almost nobody asks them in public, by name, with a case number.

The five layers

1. Domain registrar

Who sold the scam its domain. GoDaddy, Namecheap, Tucows, Squarespace Domains, Hostinger, Dynadot, Porkbun. They run WHOIS. They take the abuse report. They are the fastest kill switch on the entire internet — a registrar can suspend a domain in minutes when they want to. The public record of who they protected and how long it took is the work.

2. Hosting / proxy provider

Where the site actually runs and what stands in front of it. Cloudflare is the largest enabler of scam sites staying online because it hides the true origin. AWS, Hostinger hosting, Hetzner, OVH, DigitalOcean, Namecheap hosting — each has an abuse address. Each has a record we can publish.

3. TLD operator

The owner of the top-level domain itself. Verisign (.com, .net), Identity Digital (.info, .org, hundreds more), Donuts, Public Interest Registry. They set the floor that registrars have to enforce. When a registrar refuses to act, the next escalation is the TLD.

4. Payment processor / cash-out

Where the money lands. Stripe, PayPal, Wise, Revolut, Cash App, Zelle, every crypto on-ramp. The scammer's account is the single most identifying piece of information in the entire chain. Processors can freeze. Banks can reverse. They will not act on a victim's word — but they will act on a documented case with the destination account named.

5. Telecom carrier

The number that did the SIM swap, hosted the spoofed caller ID, or relayed the SMS phishing. Bell, Rogers, Telus, Verizon, AT&T, T-Mobile. SIM swap is still the single biggest banking attack in North America in 2026 and carriers know exactly how to stop it. They have not, because nothing has cost them more than it costs them now.

What the network does with this

  1. A victim files a case with receipts on localpayments.io.
  2. A verified researcher (named, with a public VID) traces the chain through the five layers and attaches the findings to the case.
  3. Abuse reports are filed at each layer, each with the case ID. The filing itself is public.
  4. If the layer acts, that is recorded. If they refuse or ignore, that is recorded too — by name, with the date and the response time.
  5. After 14 days of refusal, the case becomes a public disclosure on /disclosure. The layer is named. The pattern is named. Journalists and regulators get the file.

This is not pentesting

We do not break into systems. We do not deface sites. We do not dox employees. We use the abuse channels every layer already publishes, on real cases with real receipts, and we publish what happens. That is legal in every jurisdiction the network operates in. It is also, when done at scale and in public, the single most effective pressure tool on companies that depend on a reputation for being neutral infrastructure.

What we will not do

  • We will not name a layer based on a single complaint. Patterns only. Receipts required.
  • We will not name an employee. We will name the company, the abuse desk address, and the response time.
  • We will not take money from a layer to remove a published refusal. Ever. See the rules.
  • Criminal matters go to police first. The network is for what police, regulators, and platforms refuse to act on.

Next: how a white-hat researcher joins this work →