Threat Intelligence Dashboard

November 2025 Report

Detailed threat intelligence for 12,579 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

146,053Total Detected
79,237Taken Down
57%Kill Rate
92.4%VT Coverage
38,873Abuse Reports
Overview May 261,969 Apr 2615,640 Mar 2618,821 Feb 2642,102 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
November 2025 Intelligence Report 42.3%
12,579
6,777
Taken Down
5,386
Still Live
53.9%
Kill Rate
2608h
Avg Response
9.3
Avg VT Score

In November 2025, PhishDestroy detected 12,580 phishing domains, marking a 42.3% increase from the previous month. The takedown rate was 85.4%, with 1,842 domains still active. Notably, Crypto Scam targeting surged with 990 domains, reflecting a shift towards cryptocurrency-related phishing. The mean registrar response time remains a concern at 2189.3 hours, indicating potential delays in domain takedowns.

  • DYNADOT LLC leads registrar abuse with 1,583 domains, followed by Cloudflare, Inc. and NICENIC INTERNATIONAL GROUP CO., LIMITED.
  • Crypto-related brands like Coinbase (422) and Kraken (350) are primary targets, overshadowing traditional sectors.
  • The .com TLD remains the most weaponized with 3,945 domains, while .io and .xyz also see significant usage.
  • Angel Drainer is the most prevalent kit with 842 instances, posing risks of wallet draining and seed theft.
  • The US hosts the majority of phishing infrastructure with 9,485 domains, but Germany and Sweden are emerging hotspots.
  • Registrar response inefficiency persists, with a mean time of 2189.3 hours, necessitating faster action.
Outlook
Expect continued growth in crypto-targeted phishing, particularly against platforms like Coinbase and Kraken. Registrars such as DYNADOT LLC and Cloudflare, Inc. require heightened scrutiny and faster response times. Watch for increased adoption of drainer kits like Angel Drainer, which could exacerbate financial losses for victims.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
Dynadot LLC 2,119
Cloudflare, Inc. 1,508
NiceNIC International Group Co., Limited 1,086
Web Commerce Communications Limited 862
MarkMonitor, Inc. 579
Dominet (HK) Limited 448
NameCheap, Inc. 446
Gname.com Pte. Ltd. 437

Targeted Brands

BrandDomains
gmail 1,162
Crypto Casino / Gambling 955
Google 602
across 546
Coinbase 503
Kraken 380
MetaMask 324
Ethereum 323

Top TLDs

.com3,944 .io643 .xyz634 .app578 .ru432 .sbs419 .dev384 .cfd363

Hosting Countries

🇺🇸 US9,546 🇩🇪 DE1,015 🇸🇪 SE395 🇳🇱 NL326 🇭🇰 HK224 🇷🇺 RU182 🇫🇷 FR79 🇺🇦 UA76

Active Drainer Kits

Angel Drainer842 Wallet Connect Abuse453 Solana Drainer359 Ice Phishing6 Inferno Drainer1

November 2025 Domains (12,579)

Sorted by VirusTotal detections. Click any domain for full security report.

metuumaskwallat.webflow.io
20 VTTaken Down
micro365.live
20 VTTaken Down
microsoft-landing-page-wine.vercel.app
20 VTLive
mr-hasnainraza.github.io
20 VTTaken Down
netflixfw54.rollout.site
20 VTTaken Down
phanowallet.org
20 VT
platform-terms-and-accountability.pages.dev
20 VTLive
produbancocreditos.netlify.app
20 VTTaken Down
reserved-customers-742084.framer.app
20 VTTaken Down
roboux2025.netlify.app
20 VTLive
sbbin.vercel.app
20 VTTaken Down
secure-sqare-authh.typedream.app
20 VTTaken Down
sgin9-alibaba.mdbgo.io
20 VTTaken Down
shop.tkjsonlin.cc
20 VTLive
stunning-octo-fiesta.vercel.app
20 VTTaken Down
suncoust.click
20 VTLive
upohold-logiinus.godaddysites.com
20 VTTaken Down
usersignup.agency-partner-register.com
20 VTLive
verificacao.7gamesbr.link
20 VTTaken Down
vozanosports.com
20 VTLive
web-sso-coinbase-app.square.site
20 VTTaken Down
whatsappget.com
20 VTTaken Down
www3-vpass.cjmvx.cn
20 VTLive
www3-vpass.godqo.cn
20 VTTaken Down
www3-vpass.nbeec.cn
20 VTLive
ymsox.com
20 VTLive
zh-whatsappweb-co.com.cn
20 VTLive
ziply.pk
20 VT
zs7421.com
20 VT
163-5-109-112.cprapid.com
19 VTTaken Down
212311.netlify.app
19 VTTaken Down
365hty1.vip
19 VTLive
38nxtbzi.union-label.com
19 VTLive
5smdr2nw.at-the-lake.com
19 VTLive
692799de4101b667ac2c.appwrite.network
19 VTLive
806xpj.com
19 VTTaken Down
85-215-175-92.cprapid.com
19 VTTaken Down
aad.ttkshop22.vip
19 VTLive
acc-integrity-check-centre.pages.dev
19 VTLive
accountcenter-docuplexa-dsa1509xz.netlify.app
19 VTLive
accshomecnfrm0log.github.io
19 VTLive
aigle-insightstreamsoft.com
19 VTTaken Down
ak.core-service.my.id
19 VTTaken Down
akunkerjaonline.com
19 VTTaken Down
amazon-io.vercel.app
19 VTLive
amber-trace.pages.dev
19 VTLive
animocabrands.page
19 VTTaken DownWallet Connect Abuse
annuler-connexion.com
19 VTTaken Down
app-cowsw-c1.top
19 VTLiveAngel Drainer
app.trezoriosstart.com
19 VTTaken Down
aqif567gg.github.io
19 VTLive
assistance-amelienligne.com
19 VTLive
auth--bitbuy-cda--cdn-azure.dora.run
19 VTTaken Down
b45061.com
19 VTTaken Down
bafkreie4pdizjo3n36fx25nbqcvazgntc3ib5zxygqe6ewmxz2tw5wognm.ipfs.dweb.link
19 VTTaken Down
bafybeibi3azpv4l5jnrkaudilpvkqxjtdhpateq642uaous4mckedowr3u.ipfs.dweb.link
19 VTTaken Down
bafybeiguc2wldadcecll4xc5ikl6xkbl2vb5tu4pq2vmr6prjcls4oogiy.ipfs.dweb.link
19 VTLive
bellsouth-att-signing-b613f6.webflow.io
19 VTTaken Down
branch-main-9dfef01.appwrite.network
19 VTLive
breathtaking-intend-971835.framer.app
19 VTTaken Down
« Prev 1 2 3 4 5 6 7 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

146,053+ domains with security reports

Live Threats

59,687 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence