Phishing Analytics

In March 2026, PhishDestroy detected 6,635 phishing domains, marking a 63.6% decrease from the previous month. Despite this reduction, 3,124 domains remain active, highlighting a takedown rate of only 52.6%. Attackers continue to focus on cryptocurrency platforms, with Coinbase and Exodus being the top targets. The operational impact is significant, as the takedown rate remains below the desired threshold, indicating a need for improved response times from registrars, particularly NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc..

In February 2026, PhishDestroy detected 18,204 phishing domains, marking a 103.8% increase from the previous month. The takedown rate was 68.2%, with 5,792 domains still active. Notably, NICENIC INTERNATIONAL GROUP CO., LIMITED emerged as the top registrar with 7,733 abusive domains. Targeting shifted towards Facebook Pixel and generic crypto brands, indicating a pivot in attacker focus. The operational impact shows a need for improved registrar response times, averaging 288.1 hours, to enhance takedown efficiency.

The most significant finding for January 2026 is a 24.1% decrease in detected phishing domains compared to the previous month, totaling 8,932 domains. Despite this reduction, 1,823 domains remain active, indicating a need for improved takedown strategies. The takedown rate stands at 79.6%, showing effectiveness but also highlighting a gap in response times, with a mean registrar response time of 782.6 hours. Notably, there is a shift towards targeting crypto-related brands, with Crypto Scam domains leading at 792 detections, suggesting a change in attacker focus and potential vulnerabilities in the crypto sector.

In December 2025, PhishDestroy detected 11,773 phishing domains, marking a 6.4% decrease from the previous month. The takedown rate was 76.3%, with 8,978 domains neutralized. Notably, Crypto Scam targeting remains prevalent with 820 domains, while NICENIC INTERNATIONAL GROUP CO., LIMITED emerged as the top registrar for abuse cases. The operational impact shows effective takedown efforts, though the mean registrar response time of 1452.7 hours indicates room for improvement in response speed.

In November 2025, PhishDestroy detected 12,580 phishing domains, marking a 42.3% increase from the previous month. The takedown rate was 85.4%, with 1,842 domains still active. Notably, Crypto Scam targeting surged with 990 domains, reflecting a shift towards cryptocurrency-related phishing. The mean registrar response time remains a concern at 2189.3 hours, indicating potential delays in domain takedowns.

In October 2025, PhishDestroy detected 8,841 phishing domains, marking a 21.0% increase from the previous month. Notably, NICENIC INTERNATIONAL GROUP CO., LIMITED emerged as the top abuse registrar with 1,206 domains, indicating a potential shift in attacker preferences for domain registration. The targeting of Generic Crypto brands remains prevalent, with 669 domains detected, while Angel Drainer kits were the most used, affecting victims through wallet drains. Despite an 85.7% takedown rate, the mean registrar response time of 2803.0 hours highlights a critical gap in rapid domain deactivation.

In September 2025, PhishDestroy detected 7,307 phishing domains, marking a 92.9% increase from the previous month, with a significant surge in activity on September 20th. The operational impact was notable with a takedown rate of 82.2%, although the mean registrar response time remained high at 3,828.5 hours. Attackers continued to focus on the crypto sector, with Generic Crypto and SushiSwap as top targets, indicating a shift in targeting tactics. The dominance of the Angel Drainer kit suggests a persistent threat of wallet draining and seed theft for victims.

August 2025 saw a dramatic surge in phishing domains with 3,788 detected, marking a 441.1% increase from the previous month. The takedown rate stood at 67.6%, indicating significant operational success, though the mean registrar response time remains critically high at 4426.9 hours. Notably, Kraken and Ledger were heavily targeted, reflecting a strategic focus on cryptocurrency brands. The prevalence of the Angel Drainer kit, implicated in 220 cases, underscores a persistent threat of wallet draining for victims.

In July 2025, PhishDestroy detected 700 phishing domains, marking a 17400.0% increase from the previous month, with a takedown rate of 85.1%. Notably, Angel Drainer kits were identified on 183 domains, posing significant risks of wallet drains and seed theft. The mean registrar response time was a concerning 4981.9 hours, highlighting gaps in takedown efficiency. Despite the high volume, our operational impact remains strong with a substantial number of domains taken offline, though registrar responsiveness needs improvement.

In June 2025, PhishDestroy detected 4 phishing domains, representing a 100.0% increase from the previous month. Despite the rise in detected domains, the takedown rate remained effective at 75.0%, with 3 domains neutralized. Notably, Infomaniak Network SA, NameSilo, LLC, and PDR Ltd. d/b/a PublicDomainRegistry.com emerged as top abuse registrars. The targeting of apple indicates a shift towards high-value technology brands. The operational impact is positive, with a strong takedown rate, but vigilance is needed for the remaining active domain.