Threat Intelligence Dashboard

October 2025 Report

Detailed threat intelligence for 8,841 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

166,630Total Detected
144,287Taken Down
91.7%Kill Rate
93.5%VT Coverage
45,507Abuse Reports
Overview Jun 268,102 May 267,021 Apr 2615,633 Mar 2618,814 Feb 2642,095 Jan 268,924 Dec 2511,773 Nov 2512,578 Oct 258,841 Sep 257,306 Aug 253,788 Jul 25700 Jun 253
October 2025 Intelligence Report 21%
8,841
8,428
Taken Down
135
Still Live
95.3%
Kill Rate
4002h
Avg Response
8.5
Avg VT Score

In October 2025, PhishDestroy detected <strong>8,841</strong> phishing domains, marking a <strong>21.0%</strong> increase from the previous month. Notably, <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> emerged as the top abuse registrar with <strong>1,206</strong> domains, indicating a potential shift in attacker preferences for domain registration. The targeting of <strong>Generic Crypto</strong> brands remains prevalent, with <strong>669</strong> domains detected, while <strong>Angel Drainer</strong> kits were the most used, affecting victims through wallet drains. Despite an <strong>85.7%</strong> takedown rate, the mean registrar response time of <strong>2803.0</strong> hours highlights a critical gap in rapid domain deactivation.

  • <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> leads registrar abuse with <strong>1,206</strong> domains, necessitating immediate escalation.
  • Crypto-related brands, especially <strong>Generic Crypto</strong>, are heavily targeted with <strong>669</strong> domains, overshadowing banking and social sectors.
  • The <strong>.com</strong> TLD remains the most weaponized with <strong>3,256</strong> domains, followed by <strong>.xyz</strong> and <strong>.app</strong>.
  • <strong>Angel Drainer</strong> kits dominate with <strong>1,122</strong> instances, posing significant risks of wallet drain for victims.
  • US-based hosting is overwhelmingly preferred, with <strong>6,383</strong> domains, indicating a need for increased collaboration with US-based providers.
  • The mean registrar response time of <strong>2803.0</strong> hours suggests inefficiencies in detection-to-takedown processes.
Outlook
In November, expect continued targeting of crypto sectors, with potential increases in <strong>.xyz</strong> and <strong>.app</strong> TLD abuse. Defenders should prioritize monitoring <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> and escalate registrar response times to improve takedown efficiency.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,206
Cloudflare, Inc. 828
Dynadot LLC 784
Web Commerce Communications Limited 696
NameSilo, LLC 419
Gname.com Pte. Ltd. 394
NameCheap, Inc. 335
PDR Ltd. d/b/a PublicDomainRegistry.com 318

Targeted Brands

BrandDomains
across 583
Crypto Casino / Gambling 493
gmail 476
Coinbase 382
binance 267
solana 237
ethereum 220
Facebook 184

Top TLDs

.com3,256 .xyz651 .app447 .top320 .org289 .io271 .net247 .cc247

Hosting Countries

🇺🇸 US6,443 🇩🇪 DE453 🇨🇭 CH333 🇳🇱 NL298 🇭🇰 HK234 🇷🇺 RU147 🇰🇷 KR112 🇺🇦 UA101

Active Drainer Kits

Angel Drainer1,122 Wallet Connect Abuse321 Solana Drainer280 Ice Phishing8 Inferno Drainer1

October 2025 Domains (8,841)

Sorted by VirusTotal detections. Click any domain for full security report.

Screenshot of t6la.top
t6la.top
18 VTTaken Down
Screenshot of tf2new.com
tf2new.com
18 VTTaken Down
Screenshot of theanzlink.com
theanzlink.com
18 VTTaken Down
Screenshot of tk-ioksml.life
tk-ioksml.life
18 VTTaken Down
Screenshot of tokidenbasvur.live
tokidenbasvur.live
18 VTTaken Down
Screenshot of tpg-wswhatsapp.cc
tpg-wswhatsapp.cc
18 VTTaken Down
Screenshot of trfbnturkeyd.click
trfbnturkeyd.click
18 VTTaken Down
Screenshot of uaid.tap4451c1r.cc
uaid.tap4451c1r.cc
18 VTTaken Down
Screenshot of ultimasofertasparati.com
ultimasofertasparati.com
18 VTTaken Down
Screenshot of uu1615.com
uu1615.com
18 VTTaken Down
Screenshot of uypdosyaneceza.com
uypdosyaneceza.com
18 VTTaken Down
Screenshot of vxrf-wahtsapp.com
vxrf-wahtsapp.com
18 VTTaken Down
Screenshot of vxt-wswhatsapp.cc
vxt-wswhatsapp.cc
18 VTTaken Down
Screenshot of web-hans-whatsapp.com.cn
web-hans-whatsapp.com.cn
18 VTTaken Down
Screenshot of web-metamask.to
web-metamask.to
18 VTTaken Down
Screenshot of web-phantom.to
web-phantom.to
18 VTTaken Down
Screenshot of web-wp-whatsappweb.com.cn
web-wp-whatsappweb.com.cn
18 VTTaken Down
Screenshot of web.whatsappp.vip
web.whatsappp.vip
18 VTTaken Down
Screenshot of whats-xwf.vip
whats-xwf.vip
18 VTTaken Down
Screenshot of whats-xwg.vip
whats-xwg.vip
18 VTTaken Down
Screenshot of xinoda.digital
xinoda.digital
18 VT
Screenshot of xrhj-wahtsapp.com
xrhj-wahtsapp.com
18 VTTaken Down
Screenshot of yfc-wswhatsapp.cc
yfc-wswhatsapp.cc
18 VTTaken Down
Screenshot of yuenandabaotksyy.top
yuenandabaotksyy.top
18 VTTaken Down
Screenshot of 167253-binance.com
167253-binance.com
17 VTTaken Down
Screenshot of 2bl4o9lfpk3ii1.dynv6.net
2bl4o9lfpk3ii1.dynv6.net
17 VTTaken Down
Screenshot of access-meta-io-page.pineapple.page
access-meta-io-page.pineapple.page
17 VTTaken Down
Screenshot of accounts.google.cygn.eu.org
accounts.google.cygn.eu.org
17 VT
Screenshot of active.network-panel-zone.com
active.network-panel-zone.com
17 VTTaken Down
Screenshot of admin.bahusande.com
admin.bahusande.com
17 VTTaken Down
Screenshot of airdrops.sbs
airdrops.sbs
17 VTTaken Down
Screenshot of allegrolokalnie.rozne-58322456.sbs
allegrolokalnie.rozne-58322456.sbs
17 VTTaken Down
Screenshot of always-99.biz.id
always-99.biz.id
17 VTTaken Down
Screenshot of amazonuvip.vip
amazonuvip.vip
17 VTTaken Down
Screenshot of app-gkc-whatsappcc.com
app-gkc-whatsappcc.com
17 VTTaken Down
Screenshot of app-ikq-whatshktw.com
app-ikq-whatshktw.com
17 VTTaken Down
Screenshot of app-kgm-whatsappcc.com
app-kgm-whatsappcc.com
17 VTTaken Down
Screenshot of app-lxj-whatshktw.com
app-lxj-whatshktw.com
17 VTTaken Down
Screenshot of app-lzd-whatshktw.com
app-lzd-whatshktw.com
17 VTTaken Down
Screenshot of app-qay-whatsappcc.com
app-qay-whatsappcc.com
17 VTTaken Down
Screenshot of app-sms-whatshktw.com
app-sms-whatshktw.com
17 VTTaken Down
Screenshot of app-uniswcp-launch-v5.com
app-uniswcp-launch-v5.com
17 VTTaken DownAngel Drainer
Screenshot of app-webwhatsapp.com.cn
app-webwhatsapp.com.cn
17 VTTaken Down
Screenshot of app-xvf-whatshktw.com
app-xvf-whatshktw.com
17 VTTaken Down
Screenshot of app.bahusande.com
app.bahusande.com
17 VTTaken Down
Screenshot of app.spark-finance.net
app.spark-finance.net
17 VTTaken DownAngel Drainer
Screenshot of apple-icloud-login.com
apple-icloud-login.com
17 VTTaken Down
Screenshot of astercoindrops.ru
astercoindrops.ru
17 VTAngel Drainer
Screenshot of b206p.xyz
b206p.xyz
17 VTTaken Down
Screenshot of barclaysfinancelimited.com
barclaysfinancelimited.com
17 VTTaken Down
Screenshot of bet365k.app
bet365k.app
17 VTTaken Down
Screenshot of bet365k.bet
bet365k.bet
17 VTTaken Down
Screenshot of bgruged.digital
bgruged.digital
17 VTTaken Down
Screenshot of binancze.com
binancze.com
17 VTTaken Down
Screenshot of btilloovvvvvvvooooo.weebly.com
btilloovvvvvvvooooo.weebly.com
17 VTTaken Down
Screenshot of businessfbads.vip
businessfbads.vip
17 VTTaken Down
Screenshot of caoinjbaseroplogi.godaddysites.com
caoinjbaseroplogi.godaddysites.com
17 VTTaken Down
Screenshot of cboinob81.com
cboinob81.com
17 VTTaken Down
Screenshot of cbsecurereview.com
cbsecurereview.com
17 VTTaken Down
Screenshot of cente-vegurations.business-minagne.com
cente-vegurations.business-minagne.com
17 VTTaken Down
« Prev 1 2 3 4 5 6 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

166,630+ domains with security reports

Live Threats

13,024 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence