Threat Intelligence Dashboard

December 2025 Report

Detailed threat intelligence for 11,773 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

150,320Total Detected
110,739Taken Down
78.3%Kill Rate
92.5%VT Coverage
40,094Abuse Reports
Overview May 264,061 Apr 2615,639 Mar 2618,819 Feb 2642,098 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
December 2025 Intelligence Report 6.4%
11,773
9,114
Taken Down
2,008
Still Live
77.4%
Kill Rate
2340h
Avg Response
10.1
Avg VT Score

In December 2025, PhishDestroy detected 11,773 phishing domains, marking a 6.4% decrease from the previous month. The takedown rate was 76.3%, with 8,978 domains neutralized. Notably, Crypto Scam targeting remains prevalent with 820 domains, while NICENIC INTERNATIONAL GROUP CO., LIMITED emerged as the top registrar for abuse cases. The operational impact shows effective takedown efforts, though the mean registrar response time of 1452.7 hours indicates room for improvement in response speed.

  • NICENIC INTERNATIONAL GROUP CO., LIMITED leads registrar abuse with 1268 cases, necessitating focused intervention.
  • Crypto-related brands like Coinbase and Kraken are primary targets, overshadowing traditional banking sectors.
  • The .com TLD remains the most weaponized with 3816 domains, followed by .app and .dev.
  • The Angel Drainer kit is the most used, posing significant threats to victims' wallets through direct fund extraction.
  • The US hosts the majority of phishing infrastructure with 8798 domains, indicating a need for enhanced monitoring in this region.
  • Detection-to-takedown efficiency remains robust at 76.3%, but the slow registrar response time highlights a critical gap.
Outlook
As we move into January 2026, defenders should anticipate continued targeting of crypto platforms, especially given the dominance of the Angel Drainer kit. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require escalation to improve response times. Watch for potential shifts in TLD usage and geographic hosting patterns.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,284
Cloudflare, Inc. 1,148
Dynadot LLC 607
CSC Corporate Domains, Inc. 584
PDR Ltd. d/b/a PublicDomainRegistry.com 581
Gname.com Pte. Ltd. 529
GoDaddy.com, LLC 509
NameCheap, Inc. 461

Targeted Brands

BrandDomains
coinbase 813
Crypto Casino / Gambling 781
across 545
Kraken 422
Ledger 364
MetaMask 265
x.com 213
Google 213

Top TLDs

.com3,816 .app991 .dev619 .io609 .xyz483 .ru453 .ai349 .org319

Hosting Countries

🇺🇸 US8,993 🇩🇪 DE647 🇸🇪 SE401 🇭🇰 HK390 🇳🇱 NL376 🇷🇺 RU97 🇫🇷 FR77 🇬🇧 GB75

Active Drainer Kits

Angel Drainer746 Wallet Connect Abuse418 Solana Drainer252 Inferno Drainer4 Ice Phishing2

December 2025 Domains (11,773)

Sorted by VirusTotal detections. Click any domain for full security report.

tarkov1.com
5 VTTaken Down
tautulli.krakenskeep.com
5 VTTaken Down
test.mspfos1.sa.com
5 VTLive
testnet-monod.top
5 VTTaken Down
tetherdefai.app
5 VTWallet Connect Abuse
thanksnet.jp
5 VTTaken Down
ticket.848152.com
5 VTTaken Down
token.pamp.plus
5 VTTaken Down
tokens-alloca.org
5 VTWallet Connect Abuse
tor-mart.pro
5 VTTaken Down
tr.bahiscasino-erisimiadresi.com
5 VTLive
tr.girsenebahiscasino.com
5 VTTaken Down
trazor-io-started.created.app
5 VTTaken Down
treasury-jupiter.icu
5 VTTaken Down
trezoiostart.ghost.io
5 VTTaken Down
trezsuiteapp.created.app
5 VTTaken Down
tronenergy.mov
5 VTTaken Down
trustlayersfix.netlify.app
5 VTTaken Down
trxes.org
5 VT
trxex.org
5 VTLive
trxne.org
5 VTTaken Down
uni-distribution.net
5 VTTaken DownAngel Drainer
unidefi.top
5 VTTaken Down
unlck-event.xyz
5 VTTaken DownSolana Drainer
uralklad.to
5 VTTaken Down
us-0zoom-0connect.pages.dev
5 VTLive
us-auth-meta.framer.ai
5 VTTaken Down
us05web-zoom.icu
5 VTTaken Down
uscrgovs.net
5 VTTaken DownAngel Drainer
uscrsolana.com
5 VTTaken Down
usdtmixer.app
5 VTTaken Down
uselesscoin.claims
5 VTTaken DownAngel Drainer
uselesscoinv3.xyz
5 VTTaken Down
user-connect-multichain.cc
5 VTTaken Down
uwpremiumtg.live
5 VTTaken Down
uzblovegoapp.world
5 VTLiveSolana Drainer
v1-cigen.top
5 VTTaken Down
v1-mev-dex.top
5 VTTaken Down
v2-aav.top
5 VTTaken Down
vanishtrade.xyz
5 VTAngel Drainer
verify.form7604.world
5 VTTaken Down
vivalavida.sbs
5 VT
vmi2931050.contaboserver.net
5 VTTaken Down
volumesolana.com
5 VTTaken Down
vote.moonshotts.app
5 VTTaken DownAngel Drainer
vote.rnoonnshot.xyz
5 VTTaken DownAngel Drainer
voting-originprotocol.xyz
5 VTTaken Down
vpn.worldlibertyfinicial.com
5 VTTaken Down
wallet-save.com
5 VTTaken Down
walletconnect-web.app
5 VTTaken Down
wallsec.app
5 VTTaken DownWallet Connect Abuse
waxwex.com
5 VTTaken Down
we-gonnadothisornot.com
5 VTTaken DownAngel Drainer
web-coinbasepro-eng-us.framer.media
5 VTTaken Down
web3-vulcan.xyz
5 VTTaken Down
web3dappsnetwork.com
5 VT
web3okx-okx-okxt-08.pages.dev
5 VTLive
web3safesecure.com
5 VTTaken Down
web3safewalletsecure.com
5 VTTaken Down
web3sale.live
5 VTTaken DownSolana Drainer
« Prev ... 140 141 142 143 144 145 146 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

150,320+ domains with security reports

Live Threats

30,766 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence