Threat Intelligence Dashboard

October 2025 Report

Detailed threat intelligence for 8,841 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

166,600Total Detected

144,147Taken Down

91.6%Kill Rate

93.5%VT Coverage

45,500Abuse Reports

Overview Jun 268,072 May 267,021 Apr 2615,633 Mar 2618,814 Feb 2642,095 Jan 268,924 Dec 2511,773 Nov 2512,578 Oct 258,841 Sep 257,306 Aug 253,788 Jul 25700 Jun 253

October 2025 Intelligence Report 21%

8,841

8,428

Taken Down

135

Still Live

95.3%

Kill Rate

4002h

Avg Response

8.5

Avg VT Score

In October 2025, PhishDestroy detected <strong>8,841</strong> phishing domains, marking a <strong>21.0%</strong> increase from the previous month. Notably, <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> emerged as the top abuse registrar with <strong>1,206</strong> domains, indicating a potential shift in attacker preferences for domain registration. The targeting of <strong>Generic Crypto</strong> brands remains prevalent, with <strong>669</strong> domains detected, while <strong>Angel Drainer</strong> kits were the most used, affecting victims through wallet drains. Despite an <strong>85.7%</strong> takedown rate, the mean registrar response time of <strong>2803.0</strong> hours highlights a critical gap in rapid domain deactivation.

<strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> leads registrar abuse with <strong>1,206</strong> domains, necessitating immediate escalation.
Crypto-related brands, especially <strong>Generic Crypto</strong>, are heavily targeted with <strong>669</strong> domains, overshadowing banking and social sectors.
The <strong>.com</strong> TLD remains the most weaponized with <strong>3,256</strong> domains, followed by <strong>.xyz</strong> and <strong>.app</strong>.
<strong>Angel Drainer</strong> kits dominate with <strong>1,122</strong> instances, posing significant risks of wallet drain for victims.
US-based hosting is overwhelmingly preferred, with <strong>6,383</strong> domains, indicating a need for increased collaboration with US-based providers.
The mean registrar response time of <strong>2803.0</strong> hours suggests inefficiencies in detection-to-takedown processes.

Outlook

In November, expect continued targeting of crypto sectors, with potential increases in <strong>.xyz</strong> and <strong>.app</strong> TLD abuse. Defenders should prioritize monitoring <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> and escalate registrar response times to improve takedown efficiency.

Full Data on GitHub Browse All Domains Live Threats

Top Registrars

Registrar	Domains
NiceNIC International Group Co., Limited	1,206
Cloudflare, Inc.	828
Dynadot LLC	784
Web Commerce Communications Limited	696
NameSilo, LLC	419
Gname.com Pte. Ltd.	394
NameCheap, Inc.	335
PDR Ltd. d/b/a PublicDomainRegistry.com	318

Targeted Brands

Brand	Domains
across	583
Crypto Casino / Gambling	493
gmail	476
Coinbase	382
binance	267
solana	237
ethereum	220
Facebook	184

Top TLDs

Hosting Countries

Active Drainer Kits

October 2025 Domains (8,841)

Sorted by VirusTotal detections. Click any domain for full security report.

Screenshot of app-tap-whatsappweb.com.cn

app-tap-whatsappweb.com.cn

21 VTTaken Down

Screenshot of eng-coinbasepro-us.typedream.app

eng-coinbasepro-us.typedream.app

21 VTTaken Down

Screenshot of ethereum-200xcormax.com

ethereum-200xcormax.com

21 VTTaken Down

Screenshot of ethereum-hiprex.net

ethereum-hiprex.net

21 VTTaken Down

Screenshot of fec4yd.miningyb.vip

fec4yd.miningyb.vip

21 VTTaken Down

Screenshot of netflilxtvonline.com

netflilxtvonline.com

21 VTTaken Down

Screenshot of sso-login-robinhood-auth.tem3.io

sso-login-robinhood-auth.tem3.io

21 VTTaken Down

Screenshot of steamdoa1.duckdns.org

steamdoa1.duckdns.org

21 VTTaken Down

Screenshot of usmeta-maskloogn.godaddysites.com

usmeta-maskloogn.godaddysites.com

21 VTTaken Down

Screenshot of veliboss.cc

21 VTTaken Down

Screenshot of whatsappnk.com

21 VTTaken Down

Screenshot of app-trezor-info.live

app-trezor-info.live

20 VTTaken Down

Screenshot of ethereum-lispro.net

ethereum-lispro.net

20 VTTaken Down

Screenshot of ethereum-oluxapp.net

ethereum-oluxapp.net

20 VTTaken Down

Screenshot of ethereumproair.co

ethereumproair.co

20 VTTaken Down

Screenshot of ethereumproair.com

ethereumproair.com

20 VTTaken Down

Screenshot of imtokenflp.com

Screenshot of kucoincmlggin.webflow.io

kucoincmlggin.webflow.io

20 VTTaken Down

Screenshot of pages-trezor-io-login.typedream.app

pages-trezor-io-login.typedream.app

20 VTTaken Down

Screenshot of rabinhood-login.gitbook.io

rabinhood-login.gitbook.io

20 VTTaken Down

Screenshot of web-netcoin-app-auth.tem3.io

web-netcoin-app-auth.tem3.io

20 VTTaken Down

Screenshot of 1-shopify.com

19 VTTaken Down

Screenshot of allegrolokalnie.pl-oferta822345.rest

allegrolokalnie.pl-oferta822345.rest

19 VTTaken Down

Screenshot of app-ap-whatsappweb.com.cn

app-ap-whatsappweb.com.cn

19 VTTaken Down

Screenshot of app-whats-whatsappweb.com.cn

app-whats-whatsappweb.com.cn

19 VTTaken Down

Screenshot of bafkreiekbtzmshtc237taav2aevej2xm7rbnt5f4vkc5vavwijjg44m7vi.ipfs.dweb.link

bafkreiekbtzmshtc237taav2aevej2xm7rbnt5f4vkc5vavwijjg44m7vi.ipfs.dweb.link

19 VTTaken Down

Screenshot of bitzixnexusapp.com

bitzixnexusapp.com

19 VTTaken Down

Screenshot of coinbaseupdate.com

coinbaseupdate.com

Screenshot of discord.softorod.com

discord.softorod.com

19 VTTaken Down

Screenshot of ebay-v.com

19 VTTaken Down

Screenshot of enthodex.online

enthodex.online

19 VTTaken DownAngel Drainer

Screenshot of ethereum-olux-platformapp.com

ethereum-olux-platformapp.com

19 VTTaken Down

Screenshot of ethereum-olux-platformapp.net

ethereum-olux-platformapp.net

19 VTTaken Down

Screenshot of ethereum-oluxapp.com

ethereum-oluxapp.com

19 VTTaken Down

Screenshot of ethereum-pro.com

ethereum-pro.com

19 VTTaken Down

Screenshot of ethereum13xolux.org

ethereum13xolux.org

19 VTTaken Down

Screenshot of ethereumolux17x.com

ethereumolux17x.com

19 VTTaken Down

Screenshot of ethereumproair.app

ethereumproair.app

19 VTTaken Down

Screenshot of ethereumproair360.com

ethereumproair360.com

19 VTTaken Down

Screenshot of fearless-calendar-501570.framer.app

fearless-calendar-501570.framer.app

19 VTTaken Down

Screenshot of fekrouuun.com

Screenshot of fortune-phantom.net

fortune-phantom.net

19 VTTaken Down

Screenshot of help-support-start-trezrio.typedream.app

help-support-start-trezrio.typedream.app

19 VTTaken Down

Screenshot of immediatemomentumapp.org

immediatemomentumapp.org

19 VTTaken Down

Screenshot of loginmetajobssuite.com

loginmetajobssuite.com

Screenshot of markets-phantom.com

markets-phantom.com

19 VTTaken Down

Screenshot of mettumuskkkvlogue.godaddysites.com

mettumuskkkvlogue.godaddysites.com

19 VTTaken Down

Screenshot of momentum-sphere-ai.com

momentum-sphere-ai.com

19 VTTaken Down

Screenshot of momentumglowaiapp.com

momentumglowaiapp.com

19 VTTaken Down

Screenshot of nexusaiapp.net

19 VTTaken Down

Screenshot of nexusformnetwork.com

nexusformnetwork.com

19 VTTaken Down

Screenshot of nexwald-nexus-app.net

nexwald-nexus-app.net

19 VTTaken Down

Screenshot of proxette.cc

19 VTTaken Down

Screenshot of rb88e.com

19 VTTaken Down

Screenshot of sftgjbcfhjo.shop

sftgjbcfhjo.shop

19 VTTaken Down

Screenshot of skylinenexusproapp.net

skylinenexusproapp.net

19 VTTaken Down

Screenshot of solicitacaocomresgate.com

solicitacaocomresgate.com

19 VTTaken Down

Screenshot of steamcomrnumlty.com

steamcomrnumlty.com

19 VTTaken Down

Screenshot of wealthphantomapp.net

wealthphantomapp.net

19 VTTaken Down

Screenshot of web-ob-whatsapp.com.cn

web-ob-whatsapp.com.cn

19 VTTaken Down

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

166,600+ domains with security reports

Live Threats

13,143 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence