Threat Intelligence Dashboard

October 2025 Report

Detailed threat intelligence for 8,841 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

146,053Total Detected
79,237Taken Down
57%Kill Rate
92.4%VT Coverage
38,873Abuse Reports
Overview May 261,969 Apr 2615,640 Mar 2618,821 Feb 2642,102 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
October 2025 Intelligence Report 21%
8,841
4,414
Taken Down
4,161
Still Live
49.9%
Kill Rate
3217h
Avg Response
8.5
Avg VT Score

In October 2025, PhishDestroy detected 8,841 phishing domains, marking a 21.0% increase from the previous month. Notably, NICENIC INTERNATIONAL GROUP CO., LIMITED emerged as the top abuse registrar with 1,206 domains, indicating a potential shift in attacker preferences for domain registration. The targeting of Generic Crypto brands remains prevalent, with 669 domains detected, while Angel Drainer kits were the most used, affecting victims through wallet drains. Despite an 85.7% takedown rate, the mean registrar response time of 2803.0 hours highlights a critical gap in rapid domain deactivation.

  • NICENIC INTERNATIONAL GROUP CO., LIMITED leads registrar abuse with 1,206 domains, necessitating immediate escalation.
  • Crypto-related brands, especially Generic Crypto, are heavily targeted with 669 domains, overshadowing banking and social sectors.
  • The .com TLD remains the most weaponized with 3,256 domains, followed by .xyz and .app.
  • Angel Drainer kits dominate with 1,122 instances, posing significant risks of wallet drain for victims.
  • US-based hosting is overwhelmingly preferred, with 6,383 domains, indicating a need for increased collaboration with US-based providers.
  • The mean registrar response time of 2803.0 hours suggests inefficiencies in detection-to-takedown processes.
Outlook
In November, expect continued targeting of crypto sectors, with potential increases in .xyz and .app TLD abuse. Defenders should prioritize monitoring NICENIC INTERNATIONAL GROUP CO., LIMITED and escalate registrar response times to improve takedown efficiency.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,206
Cloudflare, Inc. 828
Dynadot LLC 784
Web Commerce Communications Limited 696
NameSilo, LLC 419
Gname.com Pte. Ltd. 394
NameCheap, Inc. 335
PDR Ltd. d/b/a PublicDomainRegistry.com 318

Targeted Brands

BrandDomains
across 583
Crypto Casino / Gambling 493
gmail 476
Coinbase 382
binance 267
solana 237
ethereum 220
Facebook 184

Top TLDs

.com3,256 .xyz651 .app447 .top320 .org289 .io271 .net247 .cc247

Hosting Countries

🇺🇸 US6,443 🇩🇪 DE453 🇨🇭 CH333 🇳🇱 NL298 🇭🇰 HK234 🇷🇺 RU147 🇰🇷 KR112 🇺🇦 UA101

Active Drainer Kits

Angel Drainer1,122 Wallet Connect Abuse321 Solana Drainer280 Ice Phishing8 Inferno Drainer1

October 2025 Domains (8,841)

Sorted by VirusTotal detections. Click any domain for full security report.

wealthphantomapp.net
19 VTTaken Down
web-ob-whatsapp.com.cn
19 VTLive
web-was-whatsappweb.com.cn
19 VTLive
web-wp-whatsappweb.com.cn
19 VTLive
wekorose.digital
19 VTLive
whats4pp.top
19 VTLive
xn--paypalgebhrenrechner-xec.de
19 VTTaken Down
xpoalswwkjddsljsy.com
19 VTLive
500binkonutbasvuru.click
18 VTLive
about-meta-home.pineapple.page
18 VTTaken Down
admin.535787.top
18 VTLive
aktivpayletter.safetycs.biz.id
18 VTTaken Down
alfjeqlqf.top
18 VTTaken Down
amazonine.top
18 VTLive
api.bahusande.com
18 VTTaken Down
app-jtn-whatshktw.com
18 VTLive
apps.bahusande.com
18 VTLive
aster-bd.com
18 VT
bet365h1.cc
18 VTTaken Down
blockfilogiii.godaddysites.com
18 VTTaken Down
bsvrlrm.click
18 VTLive
bsvrlrmtrkye.digital
18 VTLive
business.meta-agency-partner.eu
18 VTLive
cobbcbo.top
18 VTTaken Down
coinbae.cn
18 VTTaken Down
coinbasecwn.com
18 VTTaken Down
cuionsabesignine.godaddysites.com
18 VTTaken Down
demo.bahusande.com
18 VTTaken Down
dev.bahusande.com
18 VTTaken Down
dwgek.seepropertylens.com
18 VTLive
facebookstartopup.info
18 VTTaken Down
gafitulin.ru
18 VTTaken Down
immediatemomentumappai.com
18 VTLive
ioq-wahst5pp.com
18 VTLive
ledger-live-app-start-web-conect.typedream.app
18 VTTaken Down
lns-europe.cam
18 VTTaken Down
login.bahusande.com
18 VTLive
lrx-wahst5pp.com
18 VTLive
m.bahusande.com
18 VTTaken Down
m.jzg-wswhatsapp.cc
18 VTLive
m8o8.tap4369743.cc
18 VTTaken Down
metadappmainnet.xyz
18 VTLive
metta-auskme-asign0nn.godaddysites.com
18 VTTaken Down
monex-co-jp.bjcxzh.cn
18 VTLive
monex-co-jp.marcynail.cn
18 VTTaken Down
monex-co-jp.qlyxlx.cn
18 VTLive
monex-co-jp.scegq.cn
18 VTLive
msn-support-live-2025.ct.ws
18 VTTaken Down
mycoldstorage-coinbase.com
18 VTTaken Down
mysafevault-coinbase.com
18 VTTaken Down
netflix-cloneuatu.rollout.site
18 VTTaken Down
nexo.abc.br
18 VTLive
onlinecreditcard.services
18 VTLive
open-monex.sdbuer.cn
18 VTTaken Down
opencamping.shop
18 VTTaken Down
portal-auth-io-ndx.typedream.app
18 VTTaken Down
portal-ndxa-cdns.typedream.app
18 VTTaken Down
portal-ndxaio-web-docs.typedream.app
18 VTTaken Down
portal-uphld-en-us-web.typedream.app
18 VTTaken Down
qaraqun.click
18 VTLive
« Prev 1 2 3 4 5 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

146,053+ domains with security reports

Live Threats

59,687 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence