Threat Intelligence Dashboard

September 2025 Report

Detailed threat intelligence for 7,307 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

149,386Total Detected
107,138Taken Down
75.6%Kill Rate
92.5%VT Coverage
39,814Abuse Reports
Overview May 263,640 Apr 2615,640 Mar 2618,819 Feb 2642,098 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
September 2025 Intelligence Report 92.9%
7,307
5,259
Taken Down
1,923
Still Live
72%
Kill Rate
4533h
Avg Response
4.7
Avg VT Score

In September 2025, PhishDestroy detected 7,307 phishing domains, marking a 92.9% increase from the previous month, with a significant surge in activity on September 20th. The operational impact was notable with a takedown rate of 82.2%, although the mean registrar response time remained high at 3,828.5 hours. Attackers continued to focus on the crypto sector, with Generic Crypto and SushiSwap as top targets, indicating a shift in targeting tactics. The dominance of the Angel Drainer kit suggests a persistent threat of wallet draining and seed theft for victims.

  • N/A leads in registrar abuse with 819 domains, followed closely by NICENIC INTERNATIONAL GROUP CO., LIMITED with 721 domains.
  • Crypto brands like Generic Crypto and SushiSwap were heavily targeted, overshadowing traditional sectors like banking.
  • The .com TLD remains the most weaponized with 2,561 domains, while .xyz and .live show growing abuse.
  • The Angel Drainer kit was used in 1,120 incidents, indicating a focus on wallet draining and seed theft.
  • The US hosts the majority of phishing infrastructure with 5,931 domains, but there is notable activity in Germany and Netherlands.
  • Detection-to-takedown efficiency remains challenged with a mean response time of 3,828.5 hours, necessitating faster registrar actions.
Outlook
Expect continued emphasis on crypto-targeted phishing, with potential diversification in drainer kit variants. Watch for increased activity from registrars like N/A and NICENIC INTERNATIONAL GROUP CO., LIMITED, which may require escalation. Defenders should prepare for heightened phishing activity around key crypto events and ensure rapid response capabilities.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 771
Web Commerce Communications Limited 677
PDR Ltd. d/b/a PublicDomainRegistry.com 592
Dynadot LLC 549
NameSilo, LLC 510
OwnRegistrar, Inc. 365
NameCheap, Inc. 362
Cloudflare, Inc. 325

Targeted Brands

BrandDomains
across 737
SushiSwap 398
Airdrop Scam 271
Solana 270
ethereum 210
Ledger 201
binance 178
metamask 155

Top TLDs

.com2,561 .xyz748 .live390 .app335 .org315 .net190 .top178 .io133

Hosting Countries

🇺🇸 US5,993 🇩🇪 DE316 🇳🇱 NL192 🇷🇺 RU100 🇭🇰 HK74 🇬🇧 GB58 🇨🇦 CA44 FI39

Active Drainer Kits

Angel Drainer1,120 Solana Drainer332 Wallet Connect Abuse305 Ice Phishing12 Inferno Drainer5

September 2025 Domains (7,307)

Sorted by VirusTotal detections. Click any domain for full security report.

magenozaz.pro
magicedem.com
Live
magicseidens.com
Taken Down
maglckeden.online
Taken Down
mail.constellationnetwork.world
Live
mail.dapp-allthingslemon.world
Taken Down
mail.ghchambers.com
Live
mail.multisafeprotocol.xyz
Taken Down
manritsnoe.com
Live
manyu.sushiswap.tech
Taken Down
market.aavs.financial
Live
marketing.aavc.exchange
Taken DownAngel Drainer
markets.unisvap.finance
Live
markettradershub.click
Taken Down
mavia.builders
Live
mavia.comapp.cpacdc.com
Taken Down
mavia.help
Live
maviaairdrop.com
Live
mavias.click
Taken Down
maviau.com
Live
mavv.work
Taken DownWallet Connect Abuse
mavvia.app
Taken Down
mavvia.org
Taken Down
mellowman.sushis.dev
Taken Down
memecoinpump.fun
Taken DownWallet Connect Abuse
memeindex-ie.web.app
LiveAngel Drainer
merak-testnet.space
Taken Down
merlinchain.sushiswap.info
LiveAngel Drainer
meta-mask-co-wallet.blogspot.com
Taken Down
metaplex.sushis.vip
Taken Down
meteora-staging-launchpad.accessprotocol.co
Taken Down
meteora.to
Live
meteorag.eu
Taken Down
mgaeth.com
Taken DownAngel Drainer
microinc.io
Live
migrate.privixchain.com
LiveAngel Drainer
milady.sushiswap.buzz
Taken Down
mindsol.app
Live
mistai.org
Taken DownSolana Drainer
mochi-drop.airpump.top
Taken DownSolana Drainer
modulr-events.com
LiveAngel Drainer
mog.sushiswap.one
Taken Down
momo.onsol.pro
Taken DownSolana Drainer
monotomic.io
Taken Down
moonwellfenance.org
Taken DownAngel Drainer
mrbob.io
Live
mubarak.sushiswap.buzz
Taken Down
multichainapp.live
Taken Down
multichainode.net
Taken Down
my.crescentmpb.com
Live
my.expresssureexcrow.co.uk
Taken Down
ncsreplacement.org.ng
Live
near.sushiswap.buzz
Taken Down
negaeth.com
LiveAngel Drainer
neiro.sushi.us.com
Taken Down
neiro.sushiswap.art
Taken Down
neiro.sushiswap.onl
Taken Down
newton.sushis.ninja
LiveAngel Drainer
nexairdropclaim.netlify.app
Taken Down
nexus-stake.web.app
Live
« Prev ... 115 116 117 118 119 120 121 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

149,386+ domains with security reports

Live Threats

34,660 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence