In October 2025, PhishDestroy detected 8,841 phishing domains, marking a 21.0% increase from the previous month. Notably, NICENIC INTERNATIONAL GROUP CO., LIMITED emerged as the top abuse registrar with 1,206 domains, indicating a potential shift in attacker preferences for domain registration. The targeting of Generic Crypto brands remains prevalent, with 669 domains detected, while Angel Drainer kits were the most used, affecting victims through wallet drains. Despite an 85.7% takedown rate, the mean registrar response time of 2803.0 hours highlights a critical gap in rapid domain deactivation.
- NICENIC INTERNATIONAL GROUP CO., LIMITED leads registrar abuse with 1,206 domains, necessitating immediate escalation.
- Crypto-related brands, especially Generic Crypto, are heavily targeted with 669 domains, overshadowing banking and social sectors.
- The .com TLD remains the most weaponized with 3,256 domains, followed by .xyz and .app.
- Angel Drainer kits dominate with 1,122 instances, posing significant risks of wallet drain for victims.
- US-based hosting is overwhelmingly preferred, with 6,383 domains, indicating a need for increased collaboration with US-based providers.
- The mean registrar response time of 2803.0 hours suggests inefficiencies in detection-to-takedown processes.
Top Registrars
| Registrar | Domains |
|---|---|
| NiceNIC International Group Co., Limited | 1,206 |
| Cloudflare, Inc. | 828 |
| Dynadot LLC | 784 |
| Web Commerce Communications Limited | 696 |
| NameSilo, LLC | 419 |
| Gname.com Pte. Ltd. | 394 |
| NameCheap, Inc. | 335 |
| PDR Ltd. d/b/a PublicDomainRegistry.com | 318 |
Active Drainer Kits
October 2025 Domains (8,841)
Sorted by VirusTotal detections. Click any domain for full security report.
Detection Trends
Monthly domain volume, kill rate, and live threats over time.
Monthly Detected Domains
Kill Rate %
Explore More
Related intelligence pages and data feeds.