Editorial mirrorBrand mentions redacted to public IDs. Hover to inspect. Everything else is theatre.How it works
THE ENABLERS REGISTRYRegistrar accountability archive
Archive LiveRead-only public record · No ads · No tracking
Case file folder with redacted documents and confidential investigation report.
CASE / ANALYTICS

Threat Analytics Dashboard

The Enablers Registry·Editorial mirror·/analytics/

Public record copy. Brand names withheld, public accreditation numbers preserved. If the body below says “we”, that means the original publisher, not this mirror. TER only preserves, redacts, and re-contextualizes.

Monthly Intelligence Reports

Click any month for detailed report with domain cards, registrar analysis, and AI-generated expert assessment.

6,732
1,996
Dead
4,736
Alive
29.6%
Kill Rate
26h
Response
June 2026 +356.2%
32,829
21,892
Dead
10,937
Alive
66.7%
Kill Rate
123h
Response
May 2026 -55.1%
7,196
4,700
Dead
2,496
Alive
65.3%
Kill Rate
282h
Response
16,025
10,142
Dead
5,883
Alive
63.3%
Kill Rate
606h
Response
20,579
13,954
Dead
6,625
Alive
67.8%
Kill Rate
677h
Response

In March 2026, THE ENABLERS REGISTRY detected <strong>6,635</strong> possibly phishing domains, marking a <strong>63.6%</strong> decrease from the previous month. Despite this reduction, <strong>3,124</strong> domains remain active, highlighting a takedown rate of only <strong>52.6%</strong>. Attackers continue to focus on cryptocurrency platforms, with <strong>NASDAQ:COIN</strong> and <strong>[REDACTED]</strong> being the top targets. The operational impact is significant, as the takedown rate remains below the desired threshold, indicating a need for improved response times from registrars, particularly <strong>[REDACTED]</strong> and <strong>[REDACTED]</strong>.

42,079
32,197
Dead
9,882
Alive
76.5%
Kill Rate
1255h
Response

In February 2026, THE ENABLERS REGISTRY detected <strong>18,204</strong> possibly phishing domains, marking a <strong>103.8%</strong> increase from the previous month. The takedown rate was <strong>68.2%</strong>, with <strong>5,792</strong> domains still active. Notably, <strong>[REDACTED]</strong> emerged as the top registrar with <strong>7,733</strong> abusive domains. Targeting shifted towards <strong>Facebook Pixel</strong> and <strong>generic crypto</strong> brands, indicating a pivot in attacker focus. The operational impact shows a need for improved registrar response times, averaging <strong>288.1</strong> hours, to enhance takedown efficiency.

8,925
7,028
Dead
1,897
Alive
78.7%
Kill Rate
1904h
Response

The most significant finding for January 2026 is a <strong>24.1%</strong> decrease in detected possibly phishing domains compared to the previous month, totaling <strong>8,932</strong> domains. Despite this reduction, <strong>1,823</strong> domains remain active, indicating a need for improved takedown strategies. The takedown rate stands at <strong>79.6%</strong>, showing effectiveness but also highlighting a gap in response times, with a mean registrar response time of <strong>782.6</strong> hours. Notably, there is a shift towards targeting crypto-related brands, with <strong>Crypto Scam</strong> domains leading at <strong>792</strong> detections, suggesting a change in attacker focus and potential vulnerabilities in the crypto sector.

11,769
8,738
Dead
3,031
Alive
74.2%
Kill Rate
2464h
Response

In December 2025, THE ENABLERS REGISTRY detected <strong>11,773</strong> possibly phishing domains, marking a <strong>6.4%</strong> decrease from the previous month. The takedown rate was <strong>76.3%</strong>, with <strong>8,978</strong> domains neutralized. Notably, <strong>Crypto Scam</strong> targeting remains prevalent with <strong>820</strong> domains, while <strong>[REDACTED]</strong> emerged as the top registrar for abuse cases. The operational impact shows effective takedown efforts, though the mean registrar response time of <strong>1452.7</strong> hours indicates room for improvement in response speed.

12,577
10,599
Dead
1,978
Alive
84.3%
Kill Rate
3207h
Response

In November 2025, THE ENABLERS REGISTRY detected <strong>12,580</strong> possibly phishing domains, marking a <strong>42.3%</strong> increase from the previous month. The takedown rate was <strong>85.4%</strong>, with <strong>1,842</strong> domains still active. Notably, <strong>Crypto Scam</strong> targeting surged with <strong>990</strong> domains, reflecting a shift towards cryptocurrency-related possibly phishing. The mean registrar response time remains a concern at <strong>2189.3</strong> hours, indicating potential delays in domain takedowns.

8,840
7,578
Dead
1,262
Alive
85.7%
Kill Rate
4005h
Response

In October 2025, THE ENABLERS REGISTRY detected <strong>8,841</strong> possibly phishing domains, marking a <strong>21.0%</strong> increase from the previous month. Notably, <strong>[REDACTED]</strong> emerged as the top abuse registrar with <strong>1,206</strong> domains, indicating a potential shift in attacker preferences for domain registration. The targeting of <strong>Generic Crypto</strong> brands remains prevalent, with <strong>669</strong> domains detected, while <strong>Angel Drainer</strong> kits were the most used, affecting victims through wallet drains. Despite an <strong>85.7%</strong> takedown rate, the mean registrar response time of <strong>2803.0</strong> hours highlights a critical gap in rapid domain deactivation.

7,304
6,127
Dead
1,177
Alive
83.9%
Kill Rate
4786h
Response

In September 2025, THE ENABLERS REGISTRY detected <strong>7,307</strong> possibly phishing domains, marking a <strong>92.9%</strong> increase from the previous month, with a significant surge in activity on September 20th. The operational impact was notable with a takedown rate of <strong>82.2%</strong>, although the mean registrar response time remained high at <strong>3,828.5</strong> hours. Attackers continued to focus on the crypto sector, with <strong>Generic Crypto</strong> and <strong>SushiSwap</strong> as top targets, indicating a shift in targeting tactics. The dominance of the <strong>Angel Drainer</strong> kit suggests a persistent threat of wallet draining and seed theft for victims.

3,786
2,815
Dead
971
Alive
74.4%
Kill Rate
5577h
Response

August 2025 saw a dramatic surge in possibly phishing domains with <strong>3,788</strong> detected, marking a <strong>441.1%</strong> increase from the previous month. The takedown rate stood at <strong>67.6%</strong>, indicating significant operational success, though the mean registrar response time remains critically high at <strong>4426.9</strong> hours. Notably, <strong>FinCEN MSB #31000023456789</strong> and <strong>[REDACTED]</strong> were heavily targeted, reflecting a strategic focus on cryptocurrency brands. The prevalence of the <strong>Angel Drainer</strong> kit, implicated in <strong>220</strong> cases, underscores a persistent threat of wallet draining for victims.

July 2025 +23233.3%
700
577
Dead
123
Alive
82.4%
Kill Rate
6390h
Response

In July 2025, THE ENABLERS REGISTRY detected <strong>700</strong> possibly phishing domains, marking a <strong>17400.0%</strong> increase from the previous month, with a takedown rate of <strong>85.1%</strong>. Notably, <strong>Angel Drainer</strong> kits were identified on <strong>183</strong> domains, posing significant risks of wallet drains and seed theft. The mean registrar response time was a concerning <strong>4981.9</strong> hours, highlighting gaps in takedown efficiency. Despite the high volume, our operational impact remains strong with a substantial number of domains taken offline, though registrar responsiveness needs improvement.

3
Dead
0
Alive
100%
Kill Rate
7022h
Response

In June 2025, THE ENABLERS REGISTRY detected <strong>4</strong> possibly phishing domains, representing a <strong>100.0%</strong> increase from the previous month. Despite the rise in detected domains, the takedown rate remained effective at <strong>75.0%</strong>, with <strong>3</strong> domains neutralized. Notably, <strong>Infomaniak Network SA</strong>, <strong>[REDACTED]</strong>, and <strong>[REDACTED] d/b/a IANA #303</strong> emerged as top abuse registrars. The targeting of <strong>apple</strong> indicates a shift towards high-value technology brands. The operational impact is positive, with a strong takedown rate, but vigilance is needed for the remaining active domain.

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Continue browsing the ledger

This page is the editorial mirror. Brand names are redacted to public IANA / business identifiers. Use the index to navigate other case files.

Open registrar ledger → All briefings