Threat Intelligence Dashboard

August 2025 Report

Detailed threat intelligence for 3,788 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

166,630 Total Detected
144,287 Taken Down
91.7% Kill Rate
93.5% VT Coverage
45,507 Abuse Reports

Overview

Jun 26: 8,102 | May 26: 7,021 | Apr 26: 15,633 | Mar 26: 18,814 | Feb 26: 42,095 | Jan 26: 8,924 | Dec 25: 11,773 | Nov 25: 12,578 | Oct 25: 8,841 | Sep 25: 7,306 | Aug 25: 3,788 | Jul 25: 700 | Jun 25: 3

August 2025 Intelligence Report

3,788 detected (441.1% increase from the previous month)
3,522 Taken Down
164 Still Live
93% Kill Rate
5569h Avg Response
4.3 Avg VT Score

August 2025 saw a dramatic surge in phishing domains with 3,788 detected, marking a 441.1% increase from the previous month. The takedown rate stood at 67.6%, indicating significant operational success, though the mean registrar response time remains critically high at 4426.9 hours. Notably, Kraken and Ledger were heavily targeted, reflecting a strategic focus on cryptocurrency brands. The prevalence of the Angel Drainer kit, implicated in 220 cases, underscores a persistent threat of wallet draining for victims.

  • N/A remains the top abuse registrar with 458 domains, followed by NameSilo, LLC with 224 domains.
  • Targeting of Kraken and Ledger suggests a continued emphasis on cryptocurrency rather than traditional banking.
  • The .com TLD was the most weaponized with 1,828 instances, dwarfing other TLDs like .xyz and .life.
  • The Angel Drainer kit led the pack, posing a significant risk of wallet draining for cryptocurrency users.
  • The majority of phishing infrastructure is hosted in the US with 2,524 domains, indicating a concentration that defenders should prioritize.
  • Despite a takedown rate of 67.6%, the mean registrar response time of 4426.9 hours highlights a critical delay in mitigation efforts.

Outlook

Looking ahead to September 2025, defenders should anticipate continued targeting of cryptocurrency brands, with potential shifts towards new TLDs as attackers diversify. Registrars like N/A and NameSilo, LLC require escalated monitoring due to their high abuse concentrations. Vigilance against the Angel Drainer kit remains crucial to protect users from wallet draining threats.

August 2025 Domains (3,788)

Sorted by VirusTotal detections.


Detection Trends

Monthly domain volume, kill rate, and live threats over time.

[Charts: Monthly Detected Domains; Kill Rate %]
