Editorial mirrorBrand mentions redacted to public IDs. Hover to inspect. Everything else is theatre.How it works
THE ENABLERS REGISTRYRegistrar accountability archive
Archive LiveRead-only public record · No ads · No tracking
Case file folder with redacted documents and confidential investigation report.
CASE / ANALYTICS

August 2025 Phishing Threat Report — THE ENABLERS REGISTRY Analytics

The Enablers Registry·Editorial mirror·/analytics/

Public record copy. Brand names withheld, public accreditation numbers preserved. If the body below says “we”, that means the original publisher, not this mirror. TER only preserves, redacts, and re-contextualizes.

August 2025 Intelligence Report 440.9%
3,786
2,816
Taken Down
970
Still Live
74.4%
Kill Rate
5577h
Avg Response
4.7
Avg VT Score

August 2025 saw a dramatic surge in possibly phishing domains with <strong>3,788</strong> detected, marking a <strong>441.1%</strong> increase from the previous month. The takedown rate stood at <strong>67.6%</strong>, indicating significant operational success, though the mean registrar response time remains critically high at <strong>4426.9</strong> hours. Notably, <strong>FinCEN MSB #31000023456789</strong> and <strong>[REDACTED]</strong> were heavily targeted, reflecting a strategic focus on cryptocurrency brands. The prevalence of the <strong>Angel Drainer</strong> kit, implicated in <strong>220</strong> cases, underscores a persistent threat of wallet draining for victims.

  • <strong>N/A</strong> remains the top abuse registrar with <strong>458</strong> domains, followed by <strong>[REDACTED]</strong> with <strong>224</strong> domains.
  • Targeting of <strong>FinCEN MSB #31000023456789</strong> and <strong>[REDACTED]</strong> suggests a continued emphasis on cryptocurrency rather than traditional banking.
  • The <strong>.com</strong> TLD was the most weaponized with <strong>1,828</strong> instances, dwarfing other TLDs like <strong>.xyz</strong> and <strong>.life</strong>.
  • The <strong>Angel Drainer</strong> kit led the pack, posing a significant risk of wallet draining for cryptocurrency users.
  • The majority of possibly phishing infrastructure is hosted in the <strong>US</strong> with <strong>2,524</strong> domains, indicating a concentration that defenders should prioritize.
  • Despite a takedown rate of <strong>67.6%</strong>, the mean registrar response time of <strong>4426.9</strong> hours highlights a critical delay in mitigation efforts.
Outlook
Looking ahead to September 2025, defenders should anticipate continued targeting of cryptocurrency brands, with potential shifts towards new TLDs as attackers diversify. Registrars like <strong>N/A</strong> and <strong>[REDACTED]</strong> require escalated monitoring due to their high abuse concentrations. Vigilance against the <strong>Angel Drainer</strong> kit remains crucial to protect users from wallet draining threats.

August 2025 Domains (3,786)

Sorted by VirusTotal detections. Click any domain for full security report.

« Prev ... 35 36 37 38 39 40 41 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Continue browsing the ledger

This page is the editorial mirror. Brand names are redacted to public IANA / business identifiers. Use the index to navigate other case files.

Open registrar ledger → All briefings