Threat Intelligence Dashboard

August 2025 Report

Detailed threat intelligence for 3,788 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

166,630 Total Detected
144,287 Taken Down
91.7% Kill Rate
93.5% VT Coverage
45,507 Abuse Reports
Overview: Jun 26 (8,102), May 26 (7,021), Apr 26 (15,633), Mar 26 (18,814), Feb 26 (42,095), Jan 26 (8,924), Dec 25 (11,773), Nov 25 (12,578), Oct 25 (8,841), Sep 25 (7,306), Aug 25 (3,788), Jul 25 (700), Jun 25 (3)
August 2025 Intelligence Report

3,788 detected (+441.1%)
3,522 Taken Down
164 Still Live
93% Kill Rate
5569h Avg Response
4.3 Avg VT Score

August 2025 saw a dramatic surge in phishing domains with 3,788 detected, marking a 441.1% increase from the previous month. The takedown rate stood at 67.6%, indicating significant operational success, though the mean registrar response time remains critically high at 4426.9 hours. Notably, Kraken and Ledger were heavily targeted, reflecting a strategic focus on cryptocurrency brands. The prevalence of the Angel Drainer kit, implicated in 220 cases, underscores a persistent threat of wallet draining for victims.

  • N/A remains the top abuse registrar with 458 domains, followed by NameSilo, LLC with 224 domains.
  • Targeting of Kraken and Ledger suggests a continued emphasis on cryptocurrency rather than traditional banking.
  • The .com TLD was the most weaponized with 1,828 instances, dwarfing other TLDs like .xyz and .life.
  • The Angel Drainer kit led the pack, posing a significant risk of wallet draining for cryptocurrency users.
  • The majority of phishing infrastructure is hosted in the US with 2,524 domains, indicating a concentration that defenders should prioritize.
  • Despite a takedown rate of 67.6%, the mean registrar response time of 4426.9 hours highlights a critical delay in mitigation efforts.
Outlook
Looking ahead to September 2025, defenders should anticipate continued targeting of cryptocurrency brands, with potential shifts towards new TLDs as attackers diversify. Registrars like N/A and NameSilo, LLC require escalated monitoring due to their high abuse concentrations. Vigilance against the Angel Drainer kit remains crucial to protect users from wallet draining threats.

August 2025 Domains (3,788)

Sorted by VirusTotal detections. Click any domain for full security report.


Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Charts: Monthly Detected Domains; Kill Rate %
