Threat Intelligence Dashboard

October 2025 Report

Detailed threat intelligence for 8,841 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

166,630Total Detected

144,287Taken Down

91.7%Kill Rate

93.5%VT Coverage

45,507Abuse Reports

Overview Jun 268,102 May 267,021 Apr 2615,633 Mar 2618,814 Feb 2642,095 Jan 268,924 Dec 2511,773 Nov 2512,578 Oct 258,841 Sep 257,306 Aug 253,788 Jul 25700 Jun 253

October 2025 Intelligence Report 21%

8,841

8,428

Taken Down

135

Still Live

95.3%

Kill Rate

4002h

Avg Response

8.5

Avg VT Score

In October 2025, PhishDestroy detected <strong>8,841</strong> phishing domains, marking a <strong>21.0%</strong> increase from the previous month. Notably, <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> emerged as the top abuse registrar with <strong>1,206</strong> domains, indicating a potential shift in attacker preferences for domain registration. The targeting of <strong>Generic Crypto</strong> brands remains prevalent, with <strong>669</strong> domains detected, while <strong>Angel Drainer</strong> kits were the most used, affecting victims through wallet drains. Despite an <strong>85.7%</strong> takedown rate, the mean registrar response time of <strong>2803.0</strong> hours highlights a critical gap in rapid domain deactivation.

<strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> leads registrar abuse with <strong>1,206</strong> domains, necessitating immediate escalation.
Crypto-related brands, especially <strong>Generic Crypto</strong>, are heavily targeted with <strong>669</strong> domains, overshadowing banking and social sectors.
The <strong>.com</strong> TLD remains the most weaponized with <strong>3,256</strong> domains, followed by <strong>.xyz</strong> and <strong>.app</strong>.
<strong>Angel Drainer</strong> kits dominate with <strong>1,122</strong> instances, posing significant risks of wallet drain for victims.
US-based hosting is overwhelmingly preferred, with <strong>6,383</strong> domains, indicating a need for increased collaboration with US-based providers.
The mean registrar response time of <strong>2803.0</strong> hours suggests inefficiencies in detection-to-takedown processes.

Outlook

In November, expect continued targeting of crypto sectors, with potential increases in <strong>.xyz</strong> and <strong>.app</strong> TLD abuse. Defenders should prioritize monitoring <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> and escalate registrar response times to improve takedown efficiency.

Full Data on GitHub Browse All Domains Live Threats

Top Registrars

Registrar	Domains
NiceNIC International Group Co., Limited	1,206
Cloudflare, Inc.	828
Dynadot LLC	784
Web Commerce Communications Limited	696
NameSilo, LLC	419
Gname.com Pte. Ltd.	394
NameCheap, Inc.	335
PDR Ltd. d/b/a PublicDomainRegistry.com	318

Targeted Brands

Brand	Domains
across	583
Crypto Casino / Gambling	493
gmail	476
Coinbase	382
binance	267
solana	237
ethereum	220
Facebook	184

Top TLDs

Hosting Countries

Active Drainer Kits

October 2025 Domains (8,841)

Sorted by VirusTotal detections. Click any domain for full security report.

Screenshot of web-was-whatsappweb.com.cn

web-was-whatsappweb.com.cn

19 VTTaken Down

Screenshot of wekorose.digital

wekorose.digital

19 VTTaken Down

Screenshot of whats4pp.top

19 VTTaken Down

Screenshot of xn--paypalgebhrenrechner-xec.de

xn--paypalgebhrenrechner-xec.de

19 VTTaken Down

Screenshot of xpoalswwkjddsljsy.com

xpoalswwkjddsljsy.com

19 VTTaken Down

Screenshot of 500binkonutbasvuru.click

500binkonutbasvuru.click

18 VTTaken Down

Screenshot of about-meta-home.pineapple.page

about-meta-home.pineapple.page

18 VTTaken Down

Screenshot of admin.535787.top

admin.535787.top

18 VTTaken Down

Screenshot of aktivpayletter.safetycs.biz.id

aktivpayletter.safetycs.biz.id

18 VTTaken Down

Screenshot of alfjeqlqf.top

18 VTTaken Down

Screenshot of amazonine.top

18 VTTaken Down

Screenshot of api.bahusande.com

api.bahusande.com

18 VTTaken Down

Screenshot of app-jtn-whatshktw.com

app-jtn-whatshktw.com

18 VTTaken Down

Screenshot of apps.bahusande.com

apps.bahusande.com

18 VTTaken Down

Screenshot of aster-bd.com

Screenshot of bet365h1.cc

18 VTTaken Down

Screenshot of blockfilogiii.godaddysites.com

blockfilogiii.godaddysites.com

18 VTTaken Down

Screenshot of bsvrlrmtrkye.digital

bsvrlrmtrkye.digital

18 VTTaken Down

Screenshot of cobbcbo.top

18 VTTaken Down

Screenshot of coinbae.cn

18 VTTaken Down

Screenshot of coinbasecwn.com

coinbasecwn.com

18 VTTaken Down

Screenshot of cuionsabesignine.godaddysites.com

cuionsabesignine.godaddysites.com

18 VTTaken Down

Screenshot of dbdr-wahtsapp.com

dbdr-wahtsapp.com

18 VTTaken Down

Screenshot of demo.bahusande.com

demo.bahusande.com

18 VTTaken Down

Screenshot of dev.bahusande.com

dev.bahusande.com

18 VTTaken Down

Screenshot of dwgek.seepropertylens.com

dwgek.seepropertylens.com

18 VTTaken Down

Screenshot of ethereum360.app

ethereum360.app

18 VTTaken Down

Screenshot of facebookstartopup.info

facebookstartopup.info

18 VTTaken Down

Screenshot of gafitulin.ru

18 VTTaken Down

Screenshot of im-whatsappweb.com.cn

im-whatsappweb.com.cn

18 VTTaken Down

Screenshot of immediatemomentumappai.com

immediatemomentumappai.com

18 VTTaken Down

Screenshot of ioq-wahst5pp.com

ioq-wahst5pp.com

18 VTTaken Down

Screenshot of ledger-live-app-start-web-conect.typedream.app

ledger-live-app-start-web-conect.typedream.app

18 VTTaken Down

Screenshot of login.bahusande.com

login.bahusande.com

18 VTTaken Down

Screenshot of lrx-wahst5pp.com

lrx-wahst5pp.com

18 VTTaken Down

Screenshot of m.bahusande.com

m.bahusande.com

18 VTTaken Down

Screenshot of m.jzg-wswhatsapp.cc

m.jzg-wswhatsapp.cc

18 VTTaken Down

Screenshot of m8o8.tap4369743.cc

m8o8.tap4369743.cc

18 VTTaken Down

Screenshot of metta-auskme-asign0nn.godaddysites.com

metta-auskme-asign0nn.godaddysites.com

18 VTTaken Down

Screenshot of monex-co-jp.bjcxzh.cn

monex-co-jp.bjcxzh.cn

18 VTTaken Down

Screenshot of monex-co-jp.marcynail.cn

monex-co-jp.marcynail.cn

18 VTTaken Down

Screenshot of monex-co-jp.qlyxlx.cn

monex-co-jp.qlyxlx.cn

18 VTTaken Down

Screenshot of monex-co-jp.scegq.cn

monex-co-jp.scegq.cn

18 VTTaken Down

Screenshot of msn-support-live-2025.ct.ws

msn-support-live-2025.ct.ws

18 VTTaken Down

Screenshot of mycoldstorage-coinbase.com

mycoldstorage-coinbase.com

18 VTTaken Down

Screenshot of mysafevault-coinbase.com

mysafevault-coinbase.com

18 VTTaken Down

Screenshot of netflix-cloneuatu.rollout.site

netflix-cloneuatu.rollout.site

18 VTTaken Down

Screenshot of nexo.abc.br

18 VTTaken Down

Screenshot of opencamping.shop

opencamping.shop

18 VTTaken Down

Screenshot of portal-auth-io-ndx.typedream.app

portal-auth-io-ndx.typedream.app

18 VTTaken Down

Screenshot of portal-ndxa-cdns.typedream.app

portal-ndxa-cdns.typedream.app

18 VTTaken Down

Screenshot of portal-ndxaio-web-docs.typedream.app

portal-ndxaio-web-docs.typedream.app

18 VTTaken Down

Screenshot of portal-uphld-en-us-web.typedream.app

portal-uphld-en-us-web.typedream.app

18 VTTaken Down

Screenshot of raspoarsap.click

raspoarsap.click

18 VTTaken Down

Screenshot of rb88g.com

18 VTTaken Down

Screenshot of safeportal-coinbase.com

safeportal-coinbase.com

18 VTTaken Down

Screenshot of sap37199yd.cc

18 VTTaken Down

Screenshot of sarjalk.click

18 VTTaken Down

Screenshot of school-en-metamas.pineapple.page

school-en-metamas.pineapple.page

18 VTTaken Down

Screenshot of swisspost.pay-service.digital

swisspost.pay-service.digital

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

166,630+ domains with security reports

Live Threats

13,024 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence