Threat Intelligence Dashboard

December 2025 Report

Detailed threat intelligence for 11,773 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

147,440Total Detected
91,694Taken Down
65.4%Kill Rate
92.5%VT Coverage
39,312Abuse Reports
Overview May 262,806 Apr 2615,640 Mar 2618,819 Feb 2642,100 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
December 2025 Intelligence Report 6.4%
11,773
7,081
Taken Down
4,142
Still Live
60.1%
Kill Rate
1956h
Avg Response
10.1
Avg VT Score

In December 2025, PhishDestroy detected 11,773 phishing domains, marking a 6.4% decrease from the previous month. The takedown rate was 76.3%, with 8,978 domains neutralized. Notably, Crypto Scam targeting remains prevalent with 820 domains, while NICENIC INTERNATIONAL GROUP CO., LIMITED emerged as the top registrar for abuse cases. The operational impact shows effective takedown efforts, though the mean registrar response time of 1452.7 hours indicates room for improvement in response speed.

  • NICENIC INTERNATIONAL GROUP CO., LIMITED leads registrar abuse with 1268 cases, necessitating focused intervention.
  • Crypto-related brands like Coinbase and Kraken are primary targets, overshadowing traditional banking sectors.
  • The .com TLD remains the most weaponized with 3816 domains, followed by .app and .dev.
  • The Angel Drainer kit is the most used, posing significant threats to victims' wallets through direct fund extraction.
  • The US hosts the majority of phishing infrastructure with 8798 domains, indicating a need for enhanced monitoring in this region.
  • Detection-to-takedown efficiency remains robust at 76.3%, but the slow registrar response time highlights a critical gap.
Outlook
As we move into January 2026, defenders should anticipate continued targeting of crypto platforms, especially given the dominance of the Angel Drainer kit. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require escalation to improve response times. Watch for potential shifts in TLD usage and geographic hosting patterns.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,284
Cloudflare, Inc. 1,148
Dynadot LLC 607
CSC Corporate Domains, Inc. 584
PDR Ltd. d/b/a PublicDomainRegistry.com 581
Gname.com Pte. Ltd. 529
GoDaddy.com, LLC 509
NameCheap, Inc. 461

Targeted Brands

BrandDomains
coinbase 813
Crypto Casino / Gambling 781
across 545
Kraken 422
Ledger 364
MetaMask 265
x.com 213
Google 213

Top TLDs

.com3,816 .app991 .dev619 .io609 .xyz483 .ru453 .ai349 .org319

Hosting Countries

🇺🇸 US8,992 🇩🇪 DE647 🇸🇪 SE401 🇭🇰 HK390 🇳🇱 NL376 🇷🇺 RU97 🇫🇷 FR77 🇬🇧 GB75

Active Drainer Kits

Angel Drainer746 Wallet Connect Abuse418 Solana Drainer252 Inferno Drainer4 Ice Phishing2

December 2025 Domains (11,773)

Sorted by VirusTotal detections. Click any domain for full security report.

1957766.com
18 VTTaken Down
1inch.airdropsalert.app
18 VTTaken Down
1nstagram.co.in
18 VTTaken Down
217-160-164-192.cprapid.com
18 VTLive
2yusq7ngwdm363cj87v96gs5do-docusignsharepoints.steelheadincs.com
18 VTTaken Down
33565.com
18 VTTaken Down
365kjump.cc
18 VTTaken Down
3a44ba27.lvcshgchydcguahha.pages.dev
18 VTTaken Down
411852coinbase.com
18 VTTaken Down
453441-coinbase.com
18 VTLive
504e1ee0.host.njalla.net
18 VTTaken Down
606.top
18 VTLive
6e97cb34.ngddguteetdy.pages.dev
18 VTLive
6h073.com
18 VTLive
6h337.com
18 VTLive
76653322.com
18 VTTaken Down
99d04a7a-345a-48sc-8ea3-a9a626aa773e-00-3qpe7ieitscyb.live
18 VTLive
accesobhdactivar.webcindario.com
18 VTTaken Down
access-coin-coms.daftpage.com
18 VTTaken Down
accss-ledger-public.typedream.app
18 VT
actionbdh.wuaze.com
18 VTLive
adiraneazkuenaga.es
18 VTTaken Down
adjudicator-ods.insolvency-development.co.uk
18 VTTaken Down
aerodrome-distributions.com
18 VTLive
aethircheck.live
18 VTTaken DownAngel Drainer
airbnb-clone-2-a869t5upn-swissjake.vercel.app
18 VTLive
airdropalert.now
18 VTTaken Down
airdropalert.us
18 VTTaken Down
aktifkanpaylater.fxqu.my.id
18 VTLive
alhouqefoodbd.com
18 VT
amandes-gov.com
18 VTLive
amazon-clone-delta-sage.vercel.app
18 VTTaken Down
amerilcanexprress.com
18 VTLive
amexo.cocolozas.com
18 VTTaken Down
anular-debito-bancolombia.iceiy.com
18 VTLive
app-magmafinance.com
18 VT
appifashion.com
18 VT
aqknyozl.4qiuj.com
18 VTLive
arbitrumflow.xyz
18 VTTaken Down
ariteger.com
18 VTTaken Down
arizanurcahyasetiawan.com
18 VTTaken Down
ateradata.com
18 VTTaken Down
att021.weebly.com
18 VTTaken Down
attmailcenter-106813.weeblysite.com
18 VTTaken Down
auth-coinbasse-x-cdn.daftpage.com
18 VTTaken Down
auth-kraken-com-auth.tem3.io
18 VT
avukat-dosyam.com
18 VTLive
avukatdosyasistemim.com
18 VT
awdwsadss.top
18 VTTaken Down
b230g.xyz
18 VTTaken Down
b45030.com
18 VTTaken Down
b45033.com
18 VTTaken Down
baapfantasy.live
18 VTLive
bafkreibxvaoayroublw3ny5hscsuy4q7mctajhyt6kdpxh576hb4ujy5si.ipfs.dweb.link
18 VTTaken Down
bafybeian4zt4p7vnsmhrdxd255ieqqdhfdnlchf2l46lwhfuz57bvwyoiy.ipfs.dweb.link
18 VTTaken Down
bafybeibkbwhd66vsgqu5n6n36clzhocy66gowcq46isrci6kbeqee6vwue.ipfs.dweb.link
18 VTTaken Down
bafybeibltdvhbav4rq6reiixvypvumf62rgovvrwtspb7cn3ytsfp4gzdq.ipfs.infura-ipfs.io
18 VTTaken Down
bafybeicakljrcne7ikzpdmshde2j5kof5arq2ywfu3j7vzutwmub32mgrq.ipfs.dweb.link
18 VTTaken Down
bafybeicuxqau7b67tj32zjppm5nmsa7oad2kttn6xzmks2dx3bmezbl5ky.ipfs.dweb.link
18 VTTaken Down
bafybeidvx6hveqeefsjwhbvgejdhq66mqko34cdanduu54ebihc52d7btq.ipfs.dweb.link
18 VTLive
« Prev ... 12 13 14 15 16 17 18 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

147,440+ domains with security reports

Live Threats

48,475 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence