Threat Intelligence Dashboard

August 2025 Report

Detailed threat intelligence for 3,788 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

166,630 Total Detected
144,287 Taken Down
91.7% Kill Rate
93.5% VT Coverage
45,507 Abuse Reports

Overview: Jun 26 (8,102), May 26 (7,021), Apr 26 (15,633), Mar 26 (18,814), Feb 26 (42,095), Jan 26 (8,924), Dec 25 (11,773), Nov 25 (12,578), Oct 25 (8,841), Sep 25 (7,306), Aug 25 (3,788), Jul 25 (700), Jun 25 (3)

August 2025 Intelligence Report (+441.1% from the previous month)

3,788 Detected
3,522 Taken Down
164 Still Live
93% Kill Rate
5569h Avg Response
4.3 Avg VT Score

August 2025 saw a dramatic surge in phishing domains with 3,788 detected, marking a 441.1% increase from the previous month. The takedown rate stood at 67.6%, indicating significant operational success, though the mean registrar response time remains critically high at 4426.9 hours. Notably, Kraken and Ledger were heavily targeted, reflecting a strategic focus on cryptocurrency brands. The prevalence of the Angel Drainer kit, implicated in 220 cases, underscores a persistent threat of wallet draining for victims.

  • N/A remains the top abuse registrar with 458 domains, followed by NameSilo, LLC with 224 domains.
  • Targeting of Kraken and Ledger suggests a continued emphasis on cryptocurrency rather than traditional banking.
  • The .com TLD was the most weaponized with 1,828 instances, dwarfing other TLDs like .xyz and .life.
  • The Angel Drainer kit led the pack, posing a significant risk of wallet draining for cryptocurrency users.
  • The majority of phishing infrastructure is hosted in the US with 2,524 domains, indicating a concentration that defenders should prioritize.
  • Despite a takedown rate of 67.6%, the mean registrar response time of 4426.9 hours highlights a critical delay in mitigation efforts.

Outlook

Looking ahead to September 2025, defenders should anticipate continued targeting of cryptocurrency brands, with potential shifts towards new TLDs as attackers diversify. Registrars like N/A and NameSilo, LLC require escalated monitoring due to their high abuse concentrations. Vigilance against the Angel Drainer kit remains crucial to protect users from wallet draining threats.

August 2025 Domains (3,788)

Sorted by VirusTotal detections.

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

[Charts: Monthly Detected Domains; Kill Rate %]
