Threat Intelligence Dashboard

September 2025 Report

Detailed threat intelligence for 7,307 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

107,732Total Detected
92,561Taken Down
86.3%Kill Rate
94.3%VT Coverage
25,332Abuse Reports
Overview Mar 269,496 Feb 2618,204 Jan 268,931 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
September 2025 Intelligence Report 92.9%
7,307
7,135
Taken Down
172
Still Live
97.6%
Kill Rate
4154h
Avg Response
4.6
Avg VT Score

In September 2025, PhishDestroy detected 7,307 phishing domains, marking a 92.9% increase from the previous month, with a significant surge in activity on September 20th. The operational impact was notable with a takedown rate of 82.2%, although the mean registrar response time remained high at 3,828.5 hours. Attackers continued to focus on the crypto sector, with Generic Crypto and SushiSwap as top targets, indicating a shift in targeting tactics. The dominance of the Angel Drainer kit suggests a persistent threat of wallet draining and seed theft for victims.

  • N/A leads in registrar abuse with 819 domains, followed closely by NICENIC INTERNATIONAL GROUP CO., LIMITED with 721 domains.
  • Crypto brands like Generic Crypto and SushiSwap were heavily targeted, overshadowing traditional sectors like banking.
  • The .com TLD remains the most weaponized with 2,561 domains, while .xyz and .live show growing abuse.
  • The Angel Drainer kit was used in 1,120 incidents, indicating a focus on wallet draining and seed theft.
  • The US hosts the majority of phishing infrastructure with 5,931 domains, but there is notable activity in Germany and Netherlands.
  • Detection-to-takedown efficiency remains challenged with a mean response time of 3,828.5 hours, necessitating faster registrar actions.
Outlook
Expect continued emphasis on crypto-targeted phishing, with potential diversification in drainer kit variants. Watch for increased activity from registrars like N/A and NICENIC INTERNATIONAL GROUP CO., LIMITED, which may require escalation. Defenders should prepare for heightened phishing activity around key crypto events and ensure rapid response capabilities.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 748
Web Commerce Communications Limited 675
PDR Ltd. d/b/a PublicDomainRegistry.com 572
Dynadot LLC 549
NameSilo, LLC 504
OwnRegistrar, Inc. 362
NameCheap, Inc. 358
Cloudflare, Inc. 325

Targeted Brands

BrandDomains
Solana 324
Ledger 198
Ethereum 113
Linea 101
OKX 92
Uniswap 84
Jupiter 84
AMLBot 60

Top TLDs

.com2,561 .xyz748 .live390 .app335 .org315 .net190 .top178 .io133

Hosting Countries

🇺🇸 US5,807 🇩🇪 DE316 🇳🇱 NL192 🇷🇺 RU100 🇭🇰 HK74 🇬🇧 GB58 🇨🇦 CA44 FI39

Active Drainer Kits

Angel Drainer1,120 Solana Drainer332 Wallet Connect Abuse305 Ice Phishing12 Inferno Drainer5

September 2025 Domains (7,307)

Sorted by VirusTotal detections. Click any domain for full security report.

roblox.com.py
23 VTTaken Down
roblox.gs
23 VTTaken Down
chain-keflex-2u.com
20 VTTaken Down
roblox.mq
20 VTTaken Down
www.paypal-securecheck-update.com
20 VTTaken Down
118924-coinbase.com
19 VTTaken Down
ai-pro-iplex-soft.com
19 VTTaken Down
crypto-capitalapp.com
19 VTTaken Down
immediate-galaxy-app.com
19 VTTaken Down
immediateluxsoft.com
19 VTTaken Down
ledger-live-com-firmwareupdate.eggpco.com
19 VTTaken Down
maniventresync.on-fleek.app
19 VTTaken Down
phantomw.net
19 VTTaken Down
stake-world.com
19 VTTaken Down
steamcommunnitty.cc
19 VTTaken Down
24robinhoodtradingoption.com
18 VTTaken Down
3011m3011.com
18 VTTaken Down
aiwinglet-1000.com
18 VTTaken Down
auth-secure.pt
18 VTTaken Down
bitcoin-evista-software.com
18 VTTaken Down
btc-750esamx.net
18 VTTaken Down
btc-esamx.com
18 VTTaken Down
btc-income-app.com
18 VTTaken Down
chain-flomaxlab.com
18 VTTaken Down
coinbase-550912.com
18 VTTaken Down
debank.com-en-us.network
18 VTTaken DownSolana Drainer
edgevaultra-solution.com
18 VTTaken Down
farmpancake.com
18 VTTaken Down
godprox.cc
18 VTTaken Down
ledger-com-firmwareupdates.nordskills.eu
18 VTTaken Down
ledger-com-start-start-us-app.typedream.app
18 VTTaken Down
metamask.escae.inphb.ci
18 VTTaken Down
remaskoline.cc
18 VTTaken Down
zylerion-app.com
18 VTTaken Down
aml-trust.info
17 VTTaken DownWallet Connect Abuse
aster-investing.com
17 VTTaken DownAngel Drainer
btc-750-esamx.com
17 VTTaken Down
btc-edone.com
17 VTTaken Down
btc-esamx20.com
17 VTTaken Down
bybit-cfp.com
17 VTTaken Down
coinbase-wallet-online.typedream.app
17 VTTaken Down
coinex.plus
17 VTTaken Down
cs2bus.com
17 VTTaken Down
dapps-debug.firebaseapp.com
17 VTTaken DownWallet Connect Abuse
distributed-signal-clustered.com
17 VTTaken Down
easywalletconnect.com
17 VTLive
ethereum-mixer.io
17 VTTaken Down
ff-exchange.app
17 VTTaken Down
foundation-github.com
17 VTTaken Down
gitcoin-passport.com
17 VTTaken Down
htex-panel.at
17 VTTaken Down
kryptomixer.io
17 VTTaken Down
ladgerstart.com
17 VTTaken Down
ledger.userdiagnosis.com
17 VTTaken Down
login.workshopmodsaward.com
17 VTTaken Down
me-erc20.cc
17 VTTaken Down
mp.pancake.run
17 VTTaken Down
myapple.webflow.io
17 VTTaken Down
online-giris.duckdns.org
17 VTTaken Down
pancake-v4.swap-dashboard-v3.app
17 VTTaken DownAngel Drainer
1 2 3 4 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

107,732+ domains with security reports

Live Threats

14,744 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence