Overview
May 263,501
Apr 2615,640
Mar 2618,819
Feb 2642,098
Jan 268,930
Dec 2511,773
Nov 2512,579
Oct 258,841
Sep 257,307
Aug 253,788
Jul 25700
Jun 254
August 2025 Intelligence Report
441.1%
3,788
2,673
Taken Down
1,009
Still Live
70.6%
Kill Rate
5139h
Avg Response
4.3
Avg VT Score
August 2025 saw a dramatic surge in phishing domains with 3,788 detected, marking a 441.1% increase from the previous month. The takedown rate stood at 67.6%, indicating significant operational success, though the mean registrar response time remains critically high at 4426.9 hours. Notably, Kraken and Ledger were heavily targeted, reflecting a strategic focus on cryptocurrency brands. The prevalence of the Angel Drainer kit, implicated in 220 cases, underscores a persistent threat of wallet draining for victims.
- N/A remains the top abuse registrar with 458 domains, followed by NameSilo, LLC with 224 domains.
- Targeting of Kraken and Ledger suggests a continued emphasis on cryptocurrency rather than traditional banking.
- The .com TLD was the most weaponized with 1,828 instances, dwarfing other TLDs like .xyz and .life.
- The Angel Drainer kit led the pack, posing a significant risk of wallet draining for cryptocurrency users.
- The majority of phishing infrastructure is hosted in the US with 2,524 domains, indicating a concentration that defenders should prioritize.
- Despite a takedown rate of 67.6%, the mean registrar response time of 4426.9 hours highlights a critical delay in mitigation efforts.
Outlook
Looking ahead to September 2025, defenders should anticipate continued targeting of cryptocurrency brands, with potential shifts towards new TLDs as attackers diversify. Registrars like N/A and NameSilo, LLC require escalated monitoring due to their high abuse concentrations. Vigilance against the Angel Drainer kit remains crucial to protect users from wallet draining threats.
Top Registrars
| Registrar | Domains |
|---|---|
| Web Commerce Communications Limited | 277 |
| NameSilo, LLC | 245 |
| NiceNIC International Group Co., Limited | 204 |
| Dynadot LLC | 189 |
| NameCheap, Inc. | 183 |
| OwnRegistrar, Inc. | 168 |
| URL Solutions, Inc. | 159 |
| Cosmotown, Inc. | 151 |
Active Drainer Kits
August 2025 Domains (3,788)
Sorted by VirusTotal detections. Click any domain for full security report.
Detection Trends
Monthly domain volume, kill rate, and live threats over time.
Monthly Detected Domains
Kill Rate %
Explore More
Related intelligence pages and data feeds.