Threat Intelligence Dashboard

October 2025 Report

Detailed threat intelligence for 8,841 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

146,044Total Detected
79,240Taken Down
57%Kill Rate
92.4%VT Coverage
38,871Abuse Reports
Overview May 261,960 Apr 2615,640 Mar 2618,821 Feb 2642,102 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
October 2025 Intelligence Report 21%
8,841
4,414
Taken Down
4,161
Still Live
49.9%
Kill Rate
3217h
Avg Response
8.5
Avg VT Score

In October 2025, PhishDestroy detected 8,841 phishing domains, marking a 21.0% increase from the previous month. Notably, NICENIC INTERNATIONAL GROUP CO., LIMITED emerged as the top abuse registrar with 1,206 domains, indicating a potential shift in attacker preferences for domain registration. The targeting of Generic Crypto brands remains prevalent, with 669 domains detected, while Angel Drainer kits were the most used, affecting victims through wallet drains. Despite an 85.7% takedown rate, the mean registrar response time of 2803.0 hours highlights a critical gap in rapid domain deactivation.

  • NICENIC INTERNATIONAL GROUP CO., LIMITED leads registrar abuse with 1,206 domains, necessitating immediate escalation.
  • Crypto-related brands, especially Generic Crypto, are heavily targeted with 669 domains, overshadowing banking and social sectors.
  • The .com TLD remains the most weaponized with 3,256 domains, followed by .xyz and .app.
  • Angel Drainer kits dominate with 1,122 instances, posing significant risks of wallet drain for victims.
  • US-based hosting is overwhelmingly preferred, with 6,383 domains, indicating a need for increased collaboration with US-based providers.
  • The mean registrar response time of 2803.0 hours suggests inefficiencies in detection-to-takedown processes.
Outlook
In November, expect continued targeting of crypto sectors, with potential increases in .xyz and .app TLD abuse. Defenders should prioritize monitoring NICENIC INTERNATIONAL GROUP CO., LIMITED and escalate registrar response times to improve takedown efficiency.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,206
Cloudflare, Inc. 828
Dynadot LLC 784
Web Commerce Communications Limited 696
NameSilo, LLC 419
Gname.com Pte. Ltd. 394
NameCheap, Inc. 335
PDR Ltd. d/b/a PublicDomainRegistry.com 318

Targeted Brands

BrandDomains
across 583
Crypto Casino / Gambling 493
gmail 476
Coinbase 382
binance 267
solana 237
ethereum 220
Facebook 184

Top TLDs

.com3,256 .xyz651 .app447 .top320 .org289 .io271 .net247 .cc247

Hosting Countries

🇺🇸 US6,443 🇩🇪 DE453 🇨🇭 CH333 🇳🇱 NL298 🇭🇰 HK234 🇷🇺 RU147 🇰🇷 KR112 🇺🇦 UA101

Active Drainer Kits

Angel Drainer1,122 Wallet Connect Abuse321 Solana Drainer280 Ice Phishing8 Inferno Drainer1

October 2025 Domains (8,841)

Sorted by VirusTotal detections. Click any domain for full security report.

app-tap-whatsappweb.com.cn
21 VTLive
eng-coinbasepro-us.typedream.app
21 VTTaken Down
ethereum-200xcormax.com
21 VTLive
ethereum-hiprex.net
21 VTTaken Down
fec4yd.miningyb.vip
21 VTTaken Down
sso-login-robinhood-auth.tem3.io
21 VTTaken Down
steamdoa1.duckdns.org
21 VTTaken Down
usmeta-maskloogn.godaddysites.com
21 VTTaken Down
veliboss.cc
21 VTLive
whatsappnk.com
21 VTTaken Down
app-trezor-info.live
20 VTTaken Down
ethereum-lispro.net
20 VTTaken Down
ethereum-oluxapp.net
20 VTTaken Down
ethereumproair.co
20 VTLive
ethereumproair.com
20 VTLive
imtokenflp.com
20 VTTaken Down
kucoincmlggin.webflow.io
20 VTTaken Down
pages-trezor-io-login.typedream.app
20 VTTaken Down
rabinhood-login.gitbook.io
20 VTTaken Down
web-netcoin-app-auth.tem3.io
20 VTTaken Down
1-shopify.com
19 VTTaken Down
allegrolokalnie.pl-oferta822345.rest
19 VTLive
app-ap-whatsappweb.com.cn
19 VTLive
app-whats-whatsappweb.com.cn
19 VTLive
bafkreiekbtzmshtc237taav2aevej2xm7rbnt5f4vkc5vavwijjg44m7vi.ipfs.dweb.link
19 VTTaken Down
bitzixnexusapp.com
19 VTLive
coinbaseupdate.com
19 VT
dbdr-wahtsapp.com
19 VTLive
discord.softorod.com
19 VTTaken Down
ebay-v.com
19 VTTaken Down
enthodex.online
19 VTTaken DownAngel Drainer
ethereum-olux-platformapp.com
19 VTLive
ethereum-olux-platformapp.net
19 VTLive
ethereum-oluxapp.com
19 VTLive
ethereum-pro.com
19 VTLive
ethereum13xolux.org
19 VTLive
ethereumolux17x.com
19 VTLive
ethereumproair.app
19 VTLive
ethereumproair360.com
19 VTLive
fasliaf.click
19 VTLive
fearless-calendar-501570.framer.app
19 VTTaken Down
fekrouuun.com
19 VT
fortune-phantom.net
19 VTTaken Down
help-support-start-trezrio.typedream.app
19 VTTaken Down
im-whatsappweb.com.cn
19 VTLive
immediatemomentumapp.org
19 VTLive
loginmetajobssuite.com
19 VT
markets-phantom.com
19 VTLive
mettumuskkkvlogue.godaddysites.com
19 VTTaken Down
momentum-sphere-ai.com
19 VTLive
momentumglowaiapp.com
19 VTLive
nexusaiapp.net
19 VTLive
nexusformnetwork.com
19 VTLive
nexwald-nexus-app.net
19 VTLive
proxette.cc
19 VTLive
rb88e.com
19 VTTaken Down
sftgjbcfhjo.shop
19 VTLive
skylinenexusproapp.net
19 VTLive
solicitacaocomresgate.com
19 VTTaken Down
steamcomrnumlty.com
19 VTLive
1 2 3 4 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

146,044+ domains with security reports

Live Threats

59,684 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence