Threat Intelligence Dashboard

August 2025 Report

Detailed threat intelligence for 3,788 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

166,600 Total Detected
144,147 Taken Down
91.6% Kill Rate
93.5% VT Coverage
45,500 Abuse Reports
Overview (domains per month): Jun 26: 8,072; May 26: 7,021; Apr 26: 15,633; Mar 26: 18,814; Feb 26: 42,095; Jan 26: 8,924; Dec 25: 11,773; Nov 25: 12,578; Oct 25: 8,841; Sep 25: 7,306; Aug 25: 3,788; Jul 25: 700; Jun 25: 3
August 2025 Intelligence Report

3,788 Detected (441.1% increase from the previous month)
3,526 Taken Down
160 Still Live
93.1% Kill Rate
5569h Avg Response
4.3 Avg VT Score

August 2025 saw a dramatic surge in phishing domains with 3,788 detected, marking a 441.1% increase from the previous month. The takedown rate stood at 67.6%, indicating significant operational success, though the mean registrar response time remains critically high at 4426.9 hours. Notably, Kraken and Ledger were heavily targeted, reflecting a strategic focus on cryptocurrency brands. The prevalence of the Angel Drainer kit, implicated in 220 cases, underscores a persistent threat of wallet draining for victims.

  • N/A remains the top abuse registrar with 458 domains, followed by NameSilo, LLC with 224 domains.
  • Targeting of Kraken and Ledger suggests a continued emphasis on cryptocurrency rather than traditional banking.
  • The .com TLD was the most weaponized with 1,828 instances, dwarfing other TLDs like .xyz and .life.
  • The Angel Drainer kit led the pack, posing a significant risk of wallet draining for cryptocurrency users.
  • The majority of phishing infrastructure is hosted in the US with 2,524 domains, indicating a concentration that defenders should prioritize.
  • Despite a takedown rate of 67.6%, the mean registrar response time of 4426.9 hours highlights a critical delay in mitigation efforts.
Outlook
Looking ahead to September 2025, defenders should anticipate continued targeting of cryptocurrency brands, with potential shifts towards new TLDs as attackers diversify. Registrars like N/A and NameSilo, LLC require escalated monitoring due to their high abuse concentrations. Vigilance against the Angel Drainer kit remains crucial to protect users from wallet draining threats.

August 2025 Domains (3,788)

Sorted by VirusTotal detections.

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

[Charts: Monthly Detected Domains; Kill Rate %]
