Threat Intelligence Dashboard

December 2025 Report

Detailed threat intelligence for 11,773 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

160,764Total Detected
110,830Taken Down
73.8%Kill Rate
91%VT Coverage
43,854Abuse Reports
Overview Jun 263,051 May 267,023 Apr 2615,635 Mar 2618,817 Feb 2642,096 Jan 268,930 Dec 2511,773 Nov 2512,578 Oct 258,841 Sep 257,306 Aug 253,788 Jul 25700 Jun 253
December 2025 Intelligence Report 6.4%
11,773
7,721
Taken Down
3,486
Still Live
65.6%
Kill Rate
2449h
Avg Response
10.1
Avg VT Score

In December 2025, PhishDestroy detected 11,773 phishing domains, marking a 6.4% decrease from the previous month. The takedown rate was 76.3%, with 8,978 domains neutralized. Notably, Crypto Scam targeting remains prevalent with 820 domains, while NICENIC INTERNATIONAL GROUP CO., LIMITED emerged as the top registrar for abuse cases. The operational impact shows effective takedown efforts, though the mean registrar response time of 1452.7 hours indicates room for improvement in response speed.

  • NICENIC INTERNATIONAL GROUP CO., LIMITED leads registrar abuse with 1268 cases, necessitating focused intervention.
  • Crypto-related brands like Coinbase and Kraken are primary targets, overshadowing traditional banking sectors.
  • The .com TLD remains the most weaponized with 3816 domains, followed by .app and .dev.
  • The Angel Drainer kit is the most used, posing significant threats to victims' wallets through direct fund extraction.
  • The US hosts the majority of phishing infrastructure with 8798 domains, indicating a need for enhanced monitoring in this region.
  • Detection-to-takedown efficiency remains robust at 76.3%, but the slow registrar response time highlights a critical gap.
Outlook
As we move into January 2026, defenders should anticipate continued targeting of crypto platforms, especially given the dominance of the Angel Drainer kit. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require escalation to improve response times. Watch for potential shifts in TLD usage and geographic hosting patterns.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,284
Cloudflare, Inc. 1,148
Dynadot LLC 607
CSC Corporate Domains, Inc. 584
PDR Ltd. d/b/a PublicDomainRegistry.com 581
Gname.com Pte. Ltd. 529
GoDaddy.com, LLC 509
NameCheap, Inc. 461

Targeted Brands

BrandDomains
Coinbase 813
Crypto Casino / Gambling 781
across 545
Kraken 422
Ledger 364
MetaMask 265
google 213
x.com 213

Top TLDs

.com3,816 .app991 .dev619 .io609 .xyz483 .ru453 .ai349 .org319

Hosting Countries

🇺🇸 US8,993 🇩🇪 DE647 🇸🇪 SE401 🇭🇰 HK390 🇳🇱 NL376 🇷🇺 RU97 🇫🇷 FR77 🇬🇧 GB75

Active Drainer Kits

Angel Drainer746 Wallet Connect Abuse418 Solana Drainer252 Inferno Drainer4 Ice Phishing2

December 2025 Domains (11,773)

Sorted by VirusTotal detections. Click any domain for full security report.

app.kyq.finance
8 VTTaken DownWallet Connect Abuse
app.riftswaps.xyz
8 VTTaken Down
appcheck-eligibility.cb90092.com
8 VTLive
appeal.health
8 VTTaken Down
approvecommand.com
8 VTLive
apps--suites-eng.framer.ai
8 VTTaken Down
appstartedtrezr.ghost.io
8 VTTaken Down
artc.vip
8 VTTaken Down
asterdex-lending.com
8 VTTaken Down
asterdexdrop.app
8 VTLiveWallet Connect Abuse
auryxelle.shop
8 VTTaken Down
auth.worldlibertyfinancial.meme
8 VTTaken Down
authd-kraken-my.daftpage.com
8 VTTaken Down
authenticated-ledger.com
8 VTTaken Down
autodiscover.prime-coinbase.com
8 VTLive
base-coine-login.framer.ai
8 VTTaken Down
base-extension.framer.ai
8 VTTaken Down
baseinet-digital.live
8 VTTaken Down
basewalletsupportservice.parclixlogistics.com
8 VTLive
baza5.cc
8 VTLive
beginsite.ghost.io
8 VTTaken Down
betdeal.pro
8 VTTaken Down
betonbase365.xyz
8 VTTaken DownWallet Connect Abuse
betrium.live
8 VTLive
bitcoinexplorer.cc
8 VTTaken Down
bitfastconnect.sbs
8 VTLive
bleutrade.io
8 VTLive
blog.doxhealth.com
8 VTTaken Down
bnb-4.vip
8 VTTaken DownWallet Connect Abuse
bob-sepolia-mv8k6vobz-distributed-crafts.vercel.app
8 VTLiveWallet Connect Abuse
bonus-bestwallet.com
8 VTTaken Down
boosteth-app.com
8 VTTaken Down
bridgetest1233.xyz
8 VTLive
celestinebodi.com
8 VTTaken Down
cenactresolver.xyz
8 VTTaken Down
cgl.iwp.mybluehost.me
8 VTTaken Down
check-solstice.xyz
8 VTTaken Down
checker-aml.cc
8 VTTaken Down
checkrug.com
8 VTTaken DownAngel Drainer
chrome-coinbase-extensionn.created.app
8 VTTaken Down
claim-juplter.top
8 VTTaken Down
claim-kabuto.pages.dev
8 VTLiveAngel Drainer
claim.theoriqai.com
8 VTLive
coen-en-base-webs.framer.media
8 VTTaken Down
coiinbsse-en-help.created.app
8 VTTaken Down
coin-coinbase.created.app
8 VTTaken Down
coin-en-io.framer.media
8 VTTaken Down
coin-extension.framer.ai
8 VTTaken Down
coinbase--extenton.created.app
8 VTTaken Down
coinbase-extension-secure.created.app
8 VTTaken Down
coinbase-finances.com
8 VT
coinbase-logi-n.created.app
8 VTTaken Down
coinbase-wallet-eng-exteension.created.app
8 VTTaken Down
coinbase-web-io.framer.ai
8 VTTaken Down
coinbase-withdrawal-limit.blogspot.com
8 VTTaken Down
coinbasecode.wordpress.com
8 VTTaken Down
coinbaseex.created.app
8 VTTaken Down
coinbaseone.org
8 VT
coinbasextension.created.app
8 VTTaken Down
coinbasextensioncloud.created.app
8 VTTaken Down
« Prev ... 112 113 114 115 116 117 118 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

160,764+ domains with security reports

Live Threats

39,376 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence