Threat Intelligence Dashboard

October 2025 Report

Detailed threat intelligence for 8,841 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

146,053Total Detected
79,237Taken Down
57%Kill Rate
92.4%VT Coverage
38,873Abuse Reports
Overview May 261,969 Apr 2615,640 Mar 2618,821 Feb 2642,102 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
October 2025 Intelligence Report 21%
8,841
4,414
Taken Down
4,161
Still Live
49.9%
Kill Rate
3217h
Avg Response
8.5
Avg VT Score

In October 2025, PhishDestroy detected 8,841 phishing domains, marking a 21.0% increase from the previous month. Notably, NICENIC INTERNATIONAL GROUP CO., LIMITED emerged as the top abuse registrar with 1,206 domains, indicating a potential shift in attacker preferences for domain registration. The targeting of Generic Crypto brands remains prevalent, with 669 domains detected, while Angel Drainer kits were the most used, affecting victims through wallet drains. Despite an 85.7% takedown rate, the mean registrar response time of 2803.0 hours highlights a critical gap in rapid domain deactivation.

  • NICENIC INTERNATIONAL GROUP CO., LIMITED leads registrar abuse with 1,206 domains, necessitating immediate escalation.
  • Crypto-related brands, especially Generic Crypto, are heavily targeted with 669 domains, overshadowing banking and social sectors.
  • The .com TLD remains the most weaponized with 3,256 domains, followed by .xyz and .app.
  • Angel Drainer kits dominate with 1,122 instances, posing significant risks of wallet drain for victims.
  • US-based hosting is overwhelmingly preferred, with 6,383 domains, indicating a need for increased collaboration with US-based providers.
  • The mean registrar response time of 2803.0 hours suggests inefficiencies in detection-to-takedown processes.
Outlook
In November, expect continued targeting of crypto sectors, with potential increases in .xyz and .app TLD abuse. Defenders should prioritize monitoring NICENIC INTERNATIONAL GROUP CO., LIMITED and escalate registrar response times to improve takedown efficiency.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,206
Cloudflare, Inc. 828
Dynadot LLC 784
Web Commerce Communications Limited 696
NameSilo, LLC 419
Gname.com Pte. Ltd. 394
NameCheap, Inc. 335
PDR Ltd. d/b/a PublicDomainRegistry.com 318

Targeted Brands

BrandDomains
across 583
Crypto Casino / Gambling 493
gmail 476
Coinbase 382
binance 267
solana 237
ethereum 220
Facebook 184

Top TLDs

.com3,256 .xyz651 .app447 .top320 .org289 .io271 .net247 .cc247

Hosting Countries

🇺🇸 US6,443 🇩🇪 DE453 🇨🇭 CH333 🇳🇱 NL298 🇭🇰 HK234 🇷🇺 RU147 🇰🇷 KR112 🇺🇦 UA101

Active Drainer Kits

Angel Drainer1,122 Wallet Connect Abuse321 Solana Drainer280 Ice Phishing8 Inferno Drainer1

October 2025 Domains (8,841)

Sorted by VirusTotal detections. Click any domain for full security report.

raspoarsap.click
18 VTTaken Down
rb88g.com
18 VTTaken Down
safeportal-coinbase.com
18 VTTaken Down
santderlokaty.pl
18 VTLive
sap37199yd.cc
18 VTTaken Down
sarjalk.click
18 VTTaken Down
scheduleappointmentforqb.com
18 VTLive
school-en-metamas.pineapple.page
18 VTTaken Down
swisspost.pay-service.digital
18 VT
t6la.top
18 VTTaken Down
tf2new.com
18 VTLive
theanzlink.com
18 VTTaken Down
tk-ioksml.life
18 VTLive
tokidenbasvur.live
18 VTLive
tpg-wswhatsapp.cc
18 VTTaken Down
trfbnturkeyd.click
18 VTLive
uaid.tap4451c1r.cc
18 VTTaken Down
ultimasofertasparati.com
18 VTLive
uu1615.com
18 VTTaken Down
uypdosyaneceza.com
18 VTTaken Down
vxrf-wahtsapp.com
18 VTLive
vxt-wswhatsapp.cc
18 VTLive
web-hans-whatsapp.com.cn
18 VTTaken Down
web-metamask.to
18 VTTaken Down
web-phantom.to
18 VTTaken Down
web.whatsappp.vip
18 VTLive
whats-xwf.vip
18 VTTaken Down
whats-xwg.vip
18 VTTaken Down
whats-xyd.vip
18 VTLive
whats-xyf.vip
18 VTLive
xinoda.digital
18 VT
yfc-wswhatsapp.cc
18 VTLive
yjr-wswhatsapp.cc
18 VTLive
yuenandabaotksyy.top
18 VTLive
167253-binance.com
17 VTLive
2bl4o9lfpk3ii1.dynv6.net
17 VTLive
access-meta-io-page.pineapple.page
17 VTTaken Down
accounts.google.cygn.eu.org
17 VT
active.network-panel-zone.com
17 VTLive
admin.bahusande.com
17 VTTaken Down
airdrops.sbs
17 VTTaken Down
allegro.ghgy675eeygt.sbs
17 VTLive
allegrolokalnie.rozne-58322456.sbs
17 VTLive
always-99.biz.id
17 VTLive
amazonuvip.vip
17 VTLive
app-gkc-whatsappcc.com
17 VTLive
app-ikq-whatshktw.com
17 VTLive
app-lxj-whatshktw.com
17 VTLive
app-lzd-whatshktw.com
17 VTLive
app-qay-whatsappcc.com
17 VTLive
app-sms-whatshktw.com
17 VTLive
app-uniswcp-launch-v5.com
17 VTTaken DownAngel Drainer
app-webwhatsapp.com.cn
17 VTLive
app-xvf-whatshktw.com
17 VTLive
app.bahusande.com
17 VTTaken Down
app.spark-finance.net
17 VTLiveAngel Drainer
apple-icloud-login.com
17 VTLive
astercoindrops.ru
17 VTAngel Drainer
b206p.xyz
17 VTTaken Down
barclaysfinancelimited.com
17 VTTaken Down
« Prev 1 2 3 4 5 6 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

146,053+ domains with security reports

Live Threats

59,687 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence