Threat Intelligence Dashboard

September 2025 Report

Detailed threat intelligence for 7,307 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

146,053Total Detected
79,237Taken Down
57%Kill Rate
92.4%VT Coverage
38,873Abuse Reports
Overview May 261,969 Apr 2615,640 Mar 2618,821 Feb 2642,102 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
September 2025 Intelligence Report 92.9%
7,307
3,789
Taken Down
3,394
Still Live
51.9%
Kill Rate
4047h
Avg Response
4.6
Avg VT Score

In September 2025, PhishDestroy detected 7,307 phishing domains, marking a 92.9% increase from the previous month, with a significant surge in activity on September 20th. The operational impact was notable with a takedown rate of 82.2%, although the mean registrar response time remained high at 3,828.5 hours. Attackers continued to focus on the crypto sector, with Generic Crypto and SushiSwap as top targets, indicating a shift in targeting tactics. The dominance of the Angel Drainer kit suggests a persistent threat of wallet draining and seed theft for victims.

  • N/A leads in registrar abuse with 819 domains, followed closely by NICENIC INTERNATIONAL GROUP CO., LIMITED with 721 domains.
  • Crypto brands like Generic Crypto and SushiSwap were heavily targeted, overshadowing traditional sectors like banking.
  • The .com TLD remains the most weaponized with 2,561 domains, while .xyz and .live show growing abuse.
  • The Angel Drainer kit was used in 1,120 incidents, indicating a focus on wallet draining and seed theft.
  • The US hosts the majority of phishing infrastructure with 5,931 domains, but there is notable activity in Germany and Netherlands.
  • Detection-to-takedown efficiency remains challenged with a mean response time of 3,828.5 hours, necessitating faster registrar actions.
Outlook
Expect continued emphasis on crypto-targeted phishing, with potential diversification in drainer kit variants. Watch for increased activity from registrars like N/A and NICENIC INTERNATIONAL GROUP CO., LIMITED, which may require escalation. Defenders should prepare for heightened phishing activity around key crypto events and ensure rapid response capabilities.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 771
Web Commerce Communications Limited 677
PDR Ltd. d/b/a PublicDomainRegistry.com 591
Dynadot LLC 549
NameSilo, LLC 510
OwnRegistrar, Inc. 363
NameCheap, Inc. 362
Cloudflare, Inc. 325

Targeted Brands

BrandDomains
across 737
SushiSwap 398
Airdrop Scam 271
Solana 270
ethereum 210
Ledger 201
binance 178
metamask 155

Top TLDs

.com2,561 .xyz748 .live390 .app335 .org315 .net190 .top178 .io133

Hosting Countries

🇺🇸 US5,993 🇩🇪 DE316 🇳🇱 NL192 🇷🇺 RU100 🇭🇰 HK74 🇬🇧 GB58 🇨🇦 CA44 FI39

Active Drainer Kits

Angel Drainer1,120 Solana Drainer332 Wallet Connect Abuse305 Ice Phishing12 Inferno Drainer5

September 2025 Domains (7,307)

Sorted by VirusTotal detections. Click any domain for full security report.

metamask-logii.pineapple.page
15 VT
metamask-wallet.to
15 VTTaken Down
metamaskloeegin.w3spaces.com
15 VTTaken Down
metamaskuk.cc
15 VTTaken Down
mytamasklogen.webflow.io
15 VTTaken Down
noox.fi
15 VTTaken DownWallet Connect Abuse
nooxdao.top
15 VTTaken DownWallet Connect Abuse
official-ledger.live
15 VTTaken Down
okxplay.com
15 VTTaken Down
p0.fsoall.ir
15 VT
paijkcakeswap.com
15 VTTaken DownAngel Drainer
paikecakeswap.com
15 VTTaken DownAngel Drainer
pasxfful.com
15 VTTaken Down
portal.openledgerhq.click
15 VTLive
pswap.flnanceconnect.app
15 VTTaken DownAngel Drainer
pythop.com
15 VTLive
qbointuit.app
15 VTTaken Down
rabby-app.com
15 VTTaken Down
remote.login-coinbase-secured.com
15 VTTaken Down
rexas-token.xyz
15 VTLiveAngel Drainer
same-clone-httpsphantom-com-0ov51pijrj2-latest.netlify.app
15 VTTaken Down
simpleswap-io.to
15 VTTaken Down
stakewlfi.top
15 VTTaken Down
stlink.world
15 VTTaken DownWallet Connect Abuse
swap.web-1inch.to
15 VTTaken Down
tokenpocket.hk.cn
15 VTLive
tpwallct.com
15 VTLive
trezor-suite.co.com
15 VTLive
v1-ledger.live
15 VTTaken Down
v2-ledger.live
15 VTTaken Down
v3-open-sea-opensea-nft-marketplace.net
15 VTTaken Down
v4-ledger.live
15 VTTaken Down
wallet-assist-desk.app
15 VTTaken Down
wallet.web-rabby.to
15 VTTaken Down
wallet.web-solflare.to
15 VTTaken Down
walletpinet.com
15 VTTaken Down
wallettconect.com
15 VTTaken Down
web-coinbase-com-auth.pineapple.page
15 VT
web-coinbase-comm.pineapple.page
15 VTTaken Down
web-rabby.to
15 VTTaken Down
welcome-ledgaer-com.netlify.app
15 VTTaken Down
wlfi-unlock-box.com
15 VTLiveAngel Drainer
wollrdllberteyflnanclale.info
15 VTLiveAngel Drainer
worldliberltyfinancial.com
15 VTTaken DownAngel Drainer
www.wlfidesktop.app
15 VTTaken Down
www.worldquantumfinance.com
15 VTTaken Down
www.zkswap.fun
15 VTLive
yardim.sbs
15 VTLive
zerano.cc
15 VTTaken Down
08pf.cn
14 VTLive
1inch.4everland.app
14 VTTaken Down
1ylm.com.cn
14 VTTaken Down
aethir-2-20mr.4everland.app
14 VTTaken Down
aml-sector.world
14 VTTaken Down
amlcheck.in
14 VTLiveWallet Connect Abuse
anniversary-ethereum.com
14 VTLiveAngel Drainer
apex-advisors.pro
14 VTTaken Down
app-jup.ag
14 VTTaken Down
app.web-rabby.to
14 VTTaken Down
appether.fi
14 VTTaken DownAngel Drainer
« Prev 1 2 3 4 5 6 7 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

146,053+ domains with security reports

Live Threats

59,687 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence