Overview
Jun 268,101
May 267,021
Apr 2615,633
Mar 2618,814
Feb 2642,095
Jan 268,924
Dec 2511,773
Nov 2512,578
Oct 258,841
Sep 257,306
Aug 253,788
Jul 25700
Jun 253
November 2025 Intelligence Report
42.3%
12,578
11,873
Taken Down
269
Still Live
94.4%
Kill Rate
3198h
Avg Response
9.3
Avg VT Score
In November 2025, PhishDestroy detected <strong>12,580</strong> phishing domains, marking a <strong>42.3%</strong> increase from the previous month. The takedown rate was <strong>85.4%</strong>, with <strong>1,842</strong> domains still active. Notably, <strong>Crypto Scam</strong> targeting surged with <strong>990</strong> domains, reflecting a shift towards cryptocurrency-related phishing. The mean registrar response time remains a concern at <strong>2189.3</strong> hours, indicating potential delays in domain takedowns.
- <strong>DYNADOT LLC</strong> leads registrar abuse with <strong>1,583</strong> domains, followed by <strong>Cloudflare, Inc.</strong> and <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong>.
- Crypto-related brands like <strong>Coinbase</strong> (<strong>422</strong>) and <strong>Kraken</strong> (<strong>350</strong>) are primary targets, overshadowing traditional sectors.
- The <strong>.com</strong> TLD remains the most weaponized with <strong>3,945</strong> domains, while <strong>.io</strong> and <strong>.xyz</strong> also see significant usage.
- <strong>Angel Drainer</strong> is the most prevalent kit with <strong>842</strong> instances, posing risks of wallet draining and seed theft.
- The US hosts the majority of phishing infrastructure with <strong>9,485</strong> domains, but Germany and Sweden are emerging hotspots.
- Registrar response inefficiency persists, with a mean time of <strong>2189.3</strong> hours, necessitating faster action.
Outlook
Expect continued growth in crypto-targeted phishing, particularly against platforms like <strong>Coinbase</strong> and <strong>Kraken</strong>. Registrars such as <strong>DYNADOT LLC</strong> and <strong>Cloudflare, Inc.</strong> require heightened scrutiny and faster response times. Watch for increased adoption of drainer kits like <strong>Angel Drainer</strong>, which could exacerbate financial losses for victims.
Top Registrars
| Registrar | Domains |
|---|---|
| Dynadot LLC | 2,119 |
| Cloudflare, Inc. | 1,508 |
| NiceNIC International Group Co., Limited | 1,086 |
| Web Commerce Communications Limited | 862 |
| MarkMonitor, Inc. | 579 |
| Dominet (HK) Limited | 448 |
| NameCheap, Inc. | 445 |
| Gname.com Pte. Ltd. | 437 |
Hosting Countries
Active Drainer Kits
November 2025 Domains (12,578)
Sorted by VirusTotal detections. Click any domain for full security report.
Detection Trends
Monthly domain volume, kill rate, and live threats over time.
Monthly Detected Domains
Kill Rate %
Explore More
Related intelligence pages and data feeds.