Threat Intelligence Dashboard

September 2025 Report

Detailed threat intelligence for 7,307 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

146,044Total Detected
79,240Taken Down
57%Kill Rate
92.4%VT Coverage
38,871Abuse Reports
Overview May 261,960 Apr 2615,640 Mar 2618,821 Feb 2642,102 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
September 2025 Intelligence Report 92.9%
7,307
3,789
Taken Down
3,394
Still Live
51.9%
Kill Rate
4047h
Avg Response
4.6
Avg VT Score

In September 2025, PhishDestroy detected 7,307 phishing domains, marking a 92.9% increase from the previous month, with a significant surge in activity on September 20th. The operational impact was notable with a takedown rate of 82.2%, although the mean registrar response time remained high at 3,828.5 hours. Attackers continued to focus on the crypto sector, with Generic Crypto and SushiSwap as top targets, indicating a shift in targeting tactics. The dominance of the Angel Drainer kit suggests a persistent threat of wallet draining and seed theft for victims.

  • N/A leads in registrar abuse with 819 domains, followed closely by NICENIC INTERNATIONAL GROUP CO., LIMITED with 721 domains.
  • Crypto brands like Generic Crypto and SushiSwap were heavily targeted, overshadowing traditional sectors like banking.
  • The .com TLD remains the most weaponized with 2,561 domains, while .xyz and .live show growing abuse.
  • The Angel Drainer kit was used in 1,120 incidents, indicating a focus on wallet draining and seed theft.
  • The US hosts the majority of phishing infrastructure with 5,931 domains, but there is notable activity in Germany and Netherlands.
  • Detection-to-takedown efficiency remains challenged with a mean response time of 3,828.5 hours, necessitating faster registrar actions.
Outlook
Expect continued emphasis on crypto-targeted phishing, with potential diversification in drainer kit variants. Watch for increased activity from registrars like N/A and NICENIC INTERNATIONAL GROUP CO., LIMITED, which may require escalation. Defenders should prepare for heightened phishing activity around key crypto events and ensure rapid response capabilities.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 771
Web Commerce Communications Limited 677
PDR Ltd. d/b/a PublicDomainRegistry.com 591
Dynadot LLC 549
NameSilo, LLC 510
OwnRegistrar, Inc. 363
NameCheap, Inc. 362
Cloudflare, Inc. 325

Targeted Brands

BrandDomains
across 737
SushiSwap 398
Airdrop Scam 271
Solana 270
ethereum 210
Ledger 201
binance 178
metamask 155

Top TLDs

.com2,561 .xyz748 .live390 .app335 .org315 .net190 .top178 .io133

Hosting Countries

🇺🇸 US5,993 🇩🇪 DE316 🇳🇱 NL192 🇷🇺 RU100 🇭🇰 HK74 🇬🇧 GB58 🇨🇦 CA44 FI39

Active Drainer Kits

Angel Drainer1,120 Solana Drainer332 Wallet Connect Abuse305 Ice Phishing12 Inferno Drainer5

September 2025 Domains (7,307)

Sorted by VirusTotal detections. Click any domain for full security report.

roblox.com.py
23 VTLive
roblox.gs
21 VTTaken Down
roblox.mq
21 VTLive
chain-keflex-2u.com
20 VTLive
www.paypal-securecheck-update.com
20 VTTaken Down
118924-coinbase.com
19 VTTaken Down
ai-pro-iplex-soft.com
19 VTLive
crypto-capitalapp.com
19 VTLive
immediate-galaxy-app.com
19 VTLive
immediateluxsoft.com
19 VTLive
ledger-live-com-firmwareupdate.eggpco.com
19 VTTaken Down
maniventresync.on-fleek.app
19 VTTaken Down
phantomw.net
19 VTTaken Down
stake-world.com
19 VTLive
steamcommunnitty.cc
19 VTLive
24robinhoodtradingoption.com
18 VTLive
3011m3011.com
18 VTTaken Down
aiwinglet-1000.com
18 VTLive
auth-secure.pt
18 VTTaken Down
bitcoin-evista-software.com
18 VTLive
btc-750esamx.net
18 VTLive
btc-esamx.com
18 VTLive
btc-income-app.com
18 VTLive
chain-flomaxlab.com
18 VTLive
coinbase-550912.com
18 VTLive
debank.com-en-us.network
18 VTLiveSolana Drainer
edgevaultra-solution.com
18 VTLive
farmpancake.com
18 VTTaken Down
godprox.cc
18 VTLive
ledger-com-firmwareupdates.nordskills.eu
18 VTTaken Down
ledger-com-start-start-us-app.typedream.app
18 VTTaken Down
metamask.escae.inphb.ci
18 VTTaken Down
remaskoline.cc
18 VTLive
zylerion-app.com
18 VTLive
aml-trust.info
17 VTLiveWallet Connect Abuse
aster-investing.com
17 VTTaken DownAngel Drainer
btc-750-esamx.com
17 VTLive
btc-edone.com
17 VTLive
btc-esamx20.com
17 VTLive
bybit-cfp.com
17 VTTaken Down
coinbase-wallet-online.typedream.app
17 VTTaken Down
coinex.plus
17 VTTaken Down
cs2bus.com
17 VTLive
dapps-debug.firebaseapp.com
17 VTTaken DownWallet Connect Abuse
distributed-signal-clustered.com
17 VTTaken Down
easywalletconnect.com
17 VTTaken Down
ethereum-mixer.io
17 VTTaken Down
ff-exchange.app
17 VTLive
foundation-github.com
17 VTTaken Down
gitcoin-passport.com
17 VTTaken Down
htex-panel.at
17 VTTaken Down
kryptomixer.io
17 VTLive
ladgerstart.com
17 VTTaken Down
ledger.userdiagnosis.com
17 VTTaken Down
login.workshopmodsaward.com
17 VTLive
me-erc20.cc
17 VTTaken Down
mp.pancake.run
17 VTTaken Down
myapple.webflow.io
17 VTTaken Down
online-giris.duckdns.org
17 VTLive
pancake-v4.swap-dashboard-v3.app
17 VTTaken DownAngel Drainer
1 2 3 4 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

146,044+ domains with security reports

Live Threats

59,684 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence