Threat Intelligence Dashboard

October 2025 Report

Detailed threat intelligence for 8,841 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

166,630Total Detected
144,287Taken Down
91.7%Kill Rate
93.5%VT Coverage
45,507Abuse Reports
Overview Jun 268,102 May 267,021 Apr 2615,633 Mar 2618,814 Feb 2642,095 Jan 268,924 Dec 2511,773 Nov 2512,578 Oct 258,841 Sep 257,306 Aug 253,788 Jul 25700 Jun 253
October 2025 Intelligence Report 21%
8,841
8,428
Taken Down
135
Still Live
95.3%
Kill Rate
4002h
Avg Response
8.5
Avg VT Score

In October 2025, PhishDestroy detected <strong>8,841</strong> phishing domains, marking a <strong>21.0%</strong> increase from the previous month. Notably, <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> emerged as the top abuse registrar with <strong>1,206</strong> domains, indicating a potential shift in attacker preferences for domain registration. The targeting of <strong>Generic Crypto</strong> brands remains prevalent, with <strong>669</strong> domains detected, while <strong>Angel Drainer</strong> kits were the most used, affecting victims through wallet drains. Despite an <strong>85.7%</strong> takedown rate, the mean registrar response time of <strong>2803.0</strong> hours highlights a critical gap in rapid domain deactivation.

  • <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> leads registrar abuse with <strong>1,206</strong> domains, necessitating immediate escalation.
  • Crypto-related brands, especially <strong>Generic Crypto</strong>, are heavily targeted with <strong>669</strong> domains, overshadowing banking and social sectors.
  • The <strong>.com</strong> TLD remains the most weaponized with <strong>3,256</strong> domains, followed by <strong>.xyz</strong> and <strong>.app</strong>.
  • <strong>Angel Drainer</strong> kits dominate with <strong>1,122</strong> instances, posing significant risks of wallet drain for victims.
  • US-based hosting is overwhelmingly preferred, with <strong>6,383</strong> domains, indicating a need for increased collaboration with US-based providers.
  • The mean registrar response time of <strong>2803.0</strong> hours suggests inefficiencies in detection-to-takedown processes.
Outlook
In November, expect continued targeting of crypto sectors, with potential increases in <strong>.xyz</strong> and <strong>.app</strong> TLD abuse. Defenders should prioritize monitoring <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> and escalate registrar response times to improve takedown efficiency.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,206
Cloudflare, Inc. 828
Dynadot LLC 784
Web Commerce Communications Limited 696
NameSilo, LLC 419
Gname.com Pte. Ltd. 394
NameCheap, Inc. 335
PDR Ltd. d/b/a PublicDomainRegistry.com 318

Targeted Brands

BrandDomains
across 583
Crypto Casino / Gambling 493
gmail 476
Coinbase 382
binance 267
solana 237
ethereum 220
Facebook 184

Top TLDs

.com3,256 .xyz651 .app447 .top320 .org289 .io271 .net247 .cc247

Hosting Countries

🇺🇸 US6,443 🇩🇪 DE453 🇨🇭 CH333 🇳🇱 NL298 🇭🇰 HK234 🇷🇺 RU147 🇰🇷 KR112 🇺🇦 UA101

Active Drainer Kits

Angel Drainer1,122 Wallet Connect Abuse321 Solana Drainer280 Ice Phishing8 Inferno Drainer1

October 2025 Domains (8,841)

Sorted by VirusTotal detections. Click any domain for full security report.

Screenshot of challengerez.world
challengerez.world
17 VTTaken Down
Screenshot of chicavora.com
chicavora.com
17 VTTaken Down
Screenshot of cinbiseproologiusg.godaddysites.com
cinbiseproologiusg.godaddysites.com
17 VTTaken Down
Screenshot of claim.matemask.xyz
claim.matemask.xyz
17 VTTaken DownAngel Drainer
Screenshot of cn.lnmxys.com
cn.lnmxys.com
17 VTTaken Down
Screenshot of cn.lumxza.com
cn.lumxza.com
17 VTTaken Down
Screenshot of cobbaannd.top
cobbaannd.top
17 VTTaken Down
Screenshot of colabsupport.app
colabsupport.app
17 VTTaken Down
Screenshot of cuibaseeprologiusnv.godaddysites.com
cuibaseeprologiusnv.godaddysites.com
17 VTTaken Down
Screenshot of cupchallengemode.world
cupchallengemode.world
17 VTTaken Down
Screenshot of cvaszoea.cfd
cvaszoea.cfd
17 VTTaken Down
Screenshot of cvxsazu.cfd
cvxsazu.cfd
17 VTTaken Down
Screenshot of d0f.alphaonehire.com.au
d0f.alphaonehire.com.au
17 VTTaken Down
Screenshot of degen.airdropsalert.biz
degen.airdropsalert.biz
17 VTTaken Down
Screenshot of doc-coinbase-extension.typedream.app
doc-coinbase-extension.typedream.app
17 VTTaken Down
Screenshot of edgegermang.shop
edgegermang.shop
17 VTTaken Down
Screenshot of enthusiastic-impact-434193.framer.app
enthusiastic-impact-434193.framer.app
17 VTTaken Down
Screenshot of eov-wswhatsapp.cc
eov-wswhatsapp.cc
17 VTTaken Down
Screenshot of eq51lnf7.tscpress.com
eq51lnf7.tscpress.com
17 VTTaken Down
Screenshot of ethereum-lispro.com
ethereum-lispro.com
17 VTTaken Down
Screenshot of ethereum-mixerx.com
ethereum-mixerx.com
17 VTTaken Down
Screenshot of exodus-recovery.app
exodus-recovery.app
17 VTTaken Down
Screenshot of extension-metamask-wallet.com
extension-metamask-wallet.com
17 VTTaken Down
Screenshot of fabulous-akita-283.convex.app
fabulous-akita-283.convex.app
17 VTTaken Down
Screenshot of facebook-feedback9hqg.rollout.site
facebook-feedback9hqg.rollout.site
17 VTTaken Down
Screenshot of facebook.redirect.securelogin.ovh
facebook.redirect.securelogin.ovh
17 VTTaken Down
Screenshot of flexprox.cc
flexprox.cc
17 VTTaken Down
Screenshot of gamedb.shop
gamedb.shop
17 VTTaken Down
Screenshot of garagedoorrepairnorthkingstown.com
garagedoorrepairnorthkingstown.com
17 VTTaken Down
Screenshot of gevigu.digital
gevigu.digital
17 VTTaken Down
Screenshot of gminimilognix.gitbook.io
gminimilognix.gitbook.io
17 VTTaken Down
Screenshot of gom2c.com
gom2c.com
17 VTTaken Down
Screenshot of hayallerdekievim.com
hayallerdekievim.com
17 VTTaken Down
Screenshot of help-cryptocom-docs.typedream.app
help-cryptocom-docs.typedream.app
17 VTTaken Down
Screenshot of hzknyy.net
hzknyy.net
17 VTTaken Down
Screenshot of id.handel.mobile.de-login-service.primemassagemaltonivel.com.br
id.handel.mobile.de-login-service.primemassagemaltonivel.com.br
17 VTTaken Down
Screenshot of immediatemomentumapp.ru
immediatemomentumapp.ru
17 VTTaken Down
Screenshot of imtoken-pc.com.cn
imtoken-pc.com.cn
17 VTTaken Down
Screenshot of imtokeniks.com
imtokeniks.com
17 VTTaken Down
Screenshot of io-trezr-login-us.typedream.app
io-trezr-login-us.typedream.app
17 VTTaken Down
Screenshot of jupbox.net
jupbox.net
17 VTTaken DownSolana Drainer
Screenshot of jzg-wswhatsapp.cc
jzg-wswhatsapp.cc
17 VTTaken Down
Screenshot of kamusorgulama.net
kamusorgulama.net
17 VTTaken Down
Screenshot of kuoinlogn-kucogin.godaddysites.com
kuoinlogn-kucogin.godaddysites.com
17 VTTaken Down
Screenshot of kxnzmhasyqrfsvgabnqrwczdfskdfhvfs.rest
kxnzmhasyqrfsvgabnqrwczdfskdfhvfs.rest
17 VTTaken Down
Screenshot of learn.bitetea.com
learn.bitetea.com
17 VTTaken Down
Screenshot of learn.c-by-bit.com
learn.c-by-bit.com
17 VTTaken Down
Screenshot of ledgerapp.shop
ledgerapp.shop
17 VTTaken Down
Screenshot of lns-europe.cam
lns-europe.cam
17 VTTaken Down
Screenshot of login-group-id.online
login-group-id.online
17 VTTaken Down
Screenshot of lvrh-wahtsapp.com
lvrh-wahtsapp.com
17 VTTaken Down
Screenshot of m.uwqnfa.cc
m.uwqnfa.cc
17 VTTaken Down
Screenshot of m.wsp-wswhatsapp.cc
m.wsp-wswhatsapp.cc
17 VTTaken Down
Screenshot of m102y.xyz
m102y.xyz
17 VTTaken Down
Screenshot of marass.click
marass.click
17 VTTaken Down
Screenshot of mask-helpdesk-io.netlify.app
mask-helpdesk-io.netlify.app
17 VTTaken Down
Screenshot of mbrfornos.com.br
mbrfornos.com.br
17 VTTaken Down
Screenshot of merry-rugelach-86e65c.netlify.app
merry-rugelach-86e65c.netlify.app
17 VTTaken Down
Screenshot of metamask-web3.xyz
metamask-web3.xyz
17 VTTaken Down
Screenshot of metashopesvc.top
metashopesvc.top
17 VTTaken Down
« Prev 1 2 3 4 5 6 7 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

166,630+ domains with security reports

Live Threats

13,024 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence