Overview
May 263,637
Apr 2615,640
Mar 2618,819
Feb 2642,098
Jan 268,930
Dec 2511,773
Nov 2512,579
Oct 258,841
Sep 257,307
Aug 253,788
Jul 25700
Jun 254
September 2025 Intelligence Report
92.9%
7,307
5,259
Taken Down
1,923
Still Live
72%
Kill Rate
4533h
Avg Response
4.7
Avg VT Score
In September 2025, PhishDestroy detected 7,307 phishing domains, marking a 92.9% increase from the previous month, with a significant surge in activity on September 20th. The operational impact was notable with a takedown rate of 82.2%, although the mean registrar response time remained high at 3,828.5 hours. Attackers continued to focus on the crypto sector, with Generic Crypto and SushiSwap as top targets, indicating a shift in targeting tactics. The dominance of the Angel Drainer kit suggests a persistent threat of wallet draining and seed theft for victims.
- N/A leads in registrar abuse with 819 domains, followed closely by NICENIC INTERNATIONAL GROUP CO., LIMITED with 721 domains.
- Crypto brands like Generic Crypto and SushiSwap were heavily targeted, overshadowing traditional sectors like banking.
- The .com TLD remains the most weaponized with 2,561 domains, while .xyz and .live show growing abuse.
- The Angel Drainer kit was used in 1,120 incidents, indicating a focus on wallet draining and seed theft.
- The US hosts the majority of phishing infrastructure with 5,931 domains, but there is notable activity in Germany and Netherlands.
- Detection-to-takedown efficiency remains challenged with a mean response time of 3,828.5 hours, necessitating faster registrar actions.
Outlook
Expect continued emphasis on crypto-targeted phishing, with potential diversification in drainer kit variants. Watch for increased activity from registrars like N/A and NICENIC INTERNATIONAL GROUP CO., LIMITED, which may require escalation. Defenders should prepare for heightened phishing activity around key crypto events and ensure rapid response capabilities.
Top Registrars
| Registrar | Domains |
|---|---|
| NiceNIC International Group Co., Limited | 771 |
| Web Commerce Communications Limited | 677 |
| PDR Ltd. d/b/a PublicDomainRegistry.com | 592 |
| Dynadot LLC | 549 |
| NameSilo, LLC | 510 |
| OwnRegistrar, Inc. | 365 |
| NameCheap, Inc. | 362 |
| Cloudflare, Inc. | 325 |
Active Drainer Kits
September 2025 Domains (7,307)
Sorted by VirusTotal detections. Click any domain for full security report.
Detection Trends
Monthly domain volume, kill rate, and live threats over time.
Monthly Detected Domains
Kill Rate %
Explore More
Related intelligence pages and data feeds.